Meltdown and Spectre
Earlier last week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer running on Intel processors, including Windows, Macs, and Linux Systems. The vulnerabilities are now being generally known as “Meltdown” and “Spectre”. These vulnerabilities affect Host Capitol and many other service providers. Since becoming aware of these critical vulnerabilities, Host Capitol has been working diligently to plan and implement the best resolution for our customers. Our security and development teams have been working with our vendors to deploy the required updates to mitigate vulnerabilities.
So, what are these vulnerabilities?
Both are hardware bugs that allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs – for security reasons. However, when exploited, Meltdown and Spectre allow this normally secret information to be read by any software that’s asking for it. “Meltdown” breaks the isolation between programs and the underlying operating system, while “Spectre” breaks the isolation between running programs.
Due to the severity of Meltdown and Spectre, it is highly recommended to update all potentially affected systems promptly, once a patch is made available. Many modern operating systems and vendors have already announced plans to release patches as quickly as possible to mitigate the risks of these vulnerabilities. Intel is prioritizing the the fixes for more recent machines and has already released patches for the vast majority of processors made in the last 5 years. Based on the requirements of many, if not all, of these patches, it will be required to reboot affected customers’ servers. We have scheduled these reboots, and updated affected customers prior to them taking place.
Presently, we are continuing to monitor the situation for further information and will be updating our customers as more information becomes available. Our customers’ security and environments are a top priority, and we can assure you we have the best team working feverishly to fix these vulnerabilities in the least impactful manner.
The vulnerability announcement and applicable white papers are available at:
https://meltdownattack.com