As many of you will know, last week saw publication of a new set of security vulnerabilities.Affected hardware and software vendors were made aware back in July 2017 with the original public disclosure date set for January 9th 2018, but instead it was made public early on January 3rd.
What is it? What does it do?
Spectre can manipulate a process into revealing its own data, while Meltdown can exploit a process to read memory assigned to the Kernel or other processes, even if its not normally allowed to do so.The vulnerabilities are known to affect primarily Intel processors, although Spectre can be used against Intel, AMD and many ARM processors.It affects Linux, Windows, macOS, and can affect embedded devices such as smart TV's.Raspberry Pi's are not vulnerable.
In terms of virtual servers, Meltdown can be exploited to extract data from memory within the same virtual server, but not between virtual servers.One customers' VM cannot read memory of another customers' VM.
The majority of HA Hosting’s Virtual Machines are already protected against Spectre due to the way they are virtualised.
Container based Virtual Machines (such as Virtuozzo or OpenVZ) are vulnerable as they share the same Kernel memory space.HA Hosting do not currently deploy Container VM's, so none of our customers are affected by this.
Microsoft have now released emergency patches to Windows Server, as well as Windows 10, 8.1, and 7.Red Hat have released Kernel updates to RHEL 6 and 7, these patches have been ported to CentOS 6 & 7.Canonical have released test Kernels for Ubuntu, but at time of writing these are not yet considered stable. macOS since 10.13.2 includes the patch.
The term "patch" is accurate, as the underlying issue is hardware based and cannot be mitigated without new hardware, involving a redesign of CPU architecture.
What are we doing? What can you do?
Now patches are being released, we encourage all customers ensure their servers and desktops are updated.
- HA Hosting Infrastructure and Cloud Services
We will be scheduling Kernel updates to our own servers this week.Due to the required reboots, we will have to restart some services and/or move virtual machines between cluster nodes while we do the work.We will try to keep disruption to a minimum.
This applies to shared web and email hosting, Hosted Exchange, DNS, Control Panels etc…
- Customers with Operating System Support
If your dedicated server, virtual server, or colocation server has an OS support contract with us, we will be contacting you this week to arrange installation of patches on your servers.If you wish to opt-out of having the patch enabled, let us know when we contact you - the opt-out only applies to Linux servers.
- Customers without Operating System Support
If your dedicated server, virtual server, or colocation server doesn’t have an Operating System support contact with us, we recommend you update your system via Microsoft Update, apt, yum, or whichever installation service you normally use.If you don't have a support contract with us but would like a quote for us to install patches on your servers, contact firstname.lastname@example.org.
HA Hosting Support