Two critical security vulnerabilities, known as Meltdown and Spectre, have recently been disclosed which affects many modern operating systems and processors.
Meltdown
Breaks the most fundamental isolation between user applications and the operating system. This vulnerability allows a program to access the memory, and the data of other programs and the operating system.
Spectre
Breaks the isolation between different applications, allowing an attacker to trick error-free programs, which follow best practices into leaking data.
What is being done?
Operating system vendors have released patches to prevent these vulnerabilities being utilised as an attack vector, and these patches were installed for managed customers only as they became available.
Intel, AMD, and ARM are working on releasing further fixes for their vulnerable CPUs, however, due to the nature these identified vulnerabilities it is not possible to guarantee the issue has been fully mitigated.
Working with our hardware vendors, we will look at rolling out further fixes as they become available. This work may involve the roll out of a new BIOS Firmware that will need installing on all servers, this will result in servers being taken offline, and all customers will be contacted directly by email to arrange scheduling.
CWCS will notify customers regarding system reboots on our production servers via our status website.
If you would like to discuss this update, or you are a non-managed customer and would like your server patched, please call 0808 133 3247 or submit a support ticket.
For detailed information on the vulnerability, how it was discovered, and how it can be used, see Project Zero team at Google.
CWCS are here to look after your online infrastructure, so you can look after your business!
Wednesday, January 10, 2018
