Company Update: Meltdown and Spectre Vulnerabilities
Cloudhelix is aware of potential security exposures with certain Intel CPU components, which have been named the ‘Meltdown’ and ‘Spectre’ vulnerabilities.
The Meltdown vulnerabilities (Common Vulnerabilities and Exposures references CVE-2017-5754, CVE-2017-5753 and CVE-2017-5715) are related to speculative execution mechanisms supported by many modern processors. During code prediction, a CPU could move data from one memory location to another and under certain conditions pieces of this data could be observed by an exploit.
At this moment, Intel is not aware of any malware that is using these exploits.
Cloudhelix advises its clients to be responsible with software installs during this time in order to reduce the risk presented by Meltdown. As standard, Cloudhelix deploys good practice and mitigation in order to reduce potential threats.
For ESXi hosts on Cloudhelix’s multi-tenanted platform, VMware have published an update which Cloudhelix have applied. HP have published a BIOS update which has also been applied to these hosts. Customers with dedicated hardware platforms have been contacted individually by their service management team to arrange a time to apply the above patches.
To mitigate the Meltdown vulnerabilities, Microsoft, Apple and Linux kernel vendors will provide patches for their operating systems via their normal update cycle. For customers subscribing to a managed service from Cloudhelix, these patches will be applied by Cloudhelix in the customer’s defined patching window and an automated ticket opened to confirm when work is complete.
OS TYPE | REMEDIATION METHOD |
Windows Server 2016 | Install the following KB: 4056890 |
Windows Server 2012 R2 | Install the following KB: 4056898 |
Windows Server 2008 R2 | Install the following KB: 4056897 |
Windows Server 2008 | Install the following KB: Not available |
RHEL/CentOS 7.x | Apply all Important security updates including: kernel-3.10.0-693.11.6.el7 |
RHEL/CentOS 6.x | Apply all Important security updates including: kernel-2.6.32-696.18.7.el6 |
Ubuntu | Check for latest update at the following link: https://goo.gl/1THtZx |
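The following is an added example, not code from Cloudhelix or any vendor: a shell check that compares a RHEL/CentOS kernel release string (as printed by `uname -r`) against the fixed kernel builds listed in the table above. The function names `ver_ge` and `kernel_status` are hypothetical, and the script assumes release strings of the form `version-release.elN.arch`.

```shell
#!/bin/sh
# Added example: is the running RHEL/CentOS kernel at or above the fixed
# build named in the remediation table? Function names are hypothetical.

# Fixed kernel builds, taken from the table on this page.
FIXED_EL7="3.10.0-693.11.6"
FIXED_EL6="2.6.32-696.18.7"

# ver_ge A B: succeed when version A >= version B.
# Fields are split on '.' and '-' and compared numerically, left to right;
# a field missing from A counts as 0 (so 3.10.0-693 < 3.10.0-693.11.6).
ver_ge() {
    a=$(printf '%s' "$1" | tr '.-' '  ')
    b=$(printf '%s' "$2" | tr '.-' '  ')
    set -- $a
    for fb in $b; do
        fa=${1:-0}
        [ $# -gt 0 ] && shift
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# kernel_status RELEASE: print patched, needs-update or unknown.
# Assumes RELEASE looks like 3.10.0-693.11.6.el7.x86_64.
kernel_status() {
    rel=$1
    case "$rel" in
        *.el7*) min=$FIXED_EL7 ;;
        *.el6*) min=$FIXED_EL6 ;;
        *) echo "unknown"; return 0 ;;   # not a RHEL/CentOS 6.x or 7.x kernel
    esac
    base=${rel%%.el[0-9]*}               # drop the ".el7.x86_64" suffix
    if ver_ge "$base" "$min"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Report on the kernel that is actually running, not just the one installed.
echo "$(uname -r): $(kernel_status "$(uname -r)")"
```

The check reads `uname -r` rather than the package database because an updated kernel only takes effect after a reboot; a host can have the fixed package installed and still be running the old build.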
For the Spectre vulnerability, software updates to patch particular flows are possible, though not yet available. The vulnerability is caused by the way microprocessors function, which means there’s no solution to patch the exploit without redesigning the operating system and microprocessor itself.
If customers have specific questions or concerns, please email support@cloudhelix.io where the team will be able to answer specific queries.
There is also a page on the Intel website with frequently asked questions and additional info on the vulnerabilities, as well as an announcement listing all CPUs known to be affected.