SUMMARY
HorizonIQ has become aware of security vulnerabilities affecting most known processors. These vulnerabilities were recently exposed by various security experts.
These vulnerabilities have been dubbed Meltdown and Spectre.
“These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.” - meltdownattack.com, January 5th, 2018
In most cases, local access to the computer is required to exploit these vulnerabilities. At the time of this writing, there are no known attempts to exploit these vulnerabilities.
A potential attacker with unauthorized access could execute malicious code through other applications to access memory from other processes.
Following industry best practices, HorizonIQ strongly recommends that customers keep their operating systems up to date and ensure that security updates and vendor-recommended patches are installed.
FIX
Listed below are links from vendors on how to patch the most popular server operating systems, including:
Ubuntu
CentOS
Red Hat Enterprise Linux
Debian
Windows Server
VMware
For operating systems not listed above, customers should contact their vendor for instructions and more information to address these vulnerabilities.
FIX IMPACTS
Industry feedback has indicated that there is a potential for performance impacts as a result of some patches. The reported impacts vary from minimal to noticeable latency on databases. HorizonIQ does not have precise impact details at this time. We will continue to monitor the information available for these vulnerabilities.
TECHNICAL INFORMATION
For more information and in-depth details please visit https://meltdownattack.com
Official CVEs reported:
CVE-2017-5754
CVE-2017-5753
CVE-2017-5715
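After the vendor patches are installed, a Linux host can be checked against the three CVEs above (CVE-2017-5754 is Meltdown; CVE-2017-5753 and CVE-2017-5715 are the two Spectre variants). The script below is an added example, not HorizonIQ or vendor code; it assumes a Linux kernel that reports mitigation status under /sys/devices/system/cpu/vulnerabilities, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report kernel mitigation status for the three CVEs listed above.
# Assumption: the kernel exposes /sys/devices/system/cpu/vulnerabilities
# (mainline 4.15+ and distro backports). Older, unpatched kernels lack it.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status <text>: map the kernel's status line to a single word.
# Only the leading keyword is inspected; sub-states after it are ignored.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cve <cve> <sysfs-file> [dir]: print "<cve> <sysfs-file> <state>".
check_cve() {
    dir="${3:-$VULN_DIR}"
    if [ -r "$dir/$2" ]; then
        state=$(classify_status "$(cat "$dir/$2")")
    else
        # No status file: the kernel predates the reporting interface,
        # so it cannot be confirmed as patched.
        state=no_report
    fi
    echo "$1 $2 $state"
}

# audit [dir]: check all three CVEs; return non-zero unless every one
# is reported as mitigated or not affected.
audit() {
    rc=0
    for pair in CVE-2017-5754:meltdown CVE-2017-5753:spectre_v1 \
                CVE-2017-5715:spectre_v2; do
        line=$(check_cve "${pair%%:*}" "${pair#*:}" "$1")
        echo "$line"
        case "$line" in
            *" mitigated"|*" not_affected") ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Source the file and call audit; a non-zero exit status means at least one of the three CVEs is not reported as mitigated or not affected, which on a host with no status files usually means the kernel update has not been applied or the host has not been rebooted into it.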
NEXT STEPS
INAP takes all vulnerabilities seriously. We are taking precautionary steps internally and with all partners and vendors regarding mitigation.
Information about these vulnerabilities is still developing and INAP is in constant communication with its partners and vendors.
INAP will keep its customers updated as more information becomes available. If you have any questions, please contact support at +1 877.843.7627.