Security Alert: Meltdown And Spectre

The following provides information regarding security vulnerabilities which became public on Wednesday, January 3, 2018 known as Meltdown and Spectre. We also wanted to update you on Atmosera’s readiness to deal with these potential vulnerabilities.

Overview of the Vulnerabilities

Yesterday, two major vulnerabilities were announced that affect most modern CPUs for all leading operating systems, including Windows, Linux, and Mac. These vulnerabilities have been named Spectre and Meltdown. Many vendors are rushing to implement fixes. Unfortunately, these fixes may come with some performance impacts.

For a more detailed technical write up, please see this blog post from Google Project Zero found here: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html.

For an easier read about these vulnerabilities, please see this write-up from PC World found here: https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html.

Atmosera Response for Internal Infrastructure

The operations and engineering teams have put together a complete plan to patch all our internal systems.

  • We will start applying the patches to all affected systems starting today, Thursday, January 4, 2018 at 5pm PT.
  • We will monitor carefully the results and any observed performance impacts after the patches have been applied.
  • We will start patching customer environments on Monday, January 8, 2018 based on best practices developed following our own internal infrastructure patching.

Atmosera Response for Managed Customers

The patching of customer environments is focused on two major segments of managed services: Azure and Hosting

Azure

Microsoft started patching their underlying infrastructure Wednesday, January 3, 2018 and continues the process which may impact Atmosera customer environments. Atmosera is patching our own systems running in Azure starting today, Thursday, January 4, 2018 at 5pm PT.

Hosting

Customer patching starts Monday, January 8, 2018 for all private and multi-tenant hosted cloud environments. Customers who want expedited patching can contact support and make the request at support@atmosera.com.

Response for Colocation Customers

These vulnerabilities present serious potential threats which need to be mitigated immediately. Atmosera strongly encourages all customers to ensure they apply all available patches from vendors with urgency.

We deliver solutions that accelerate the value of Azure.

Ready to experience the full power of Microsoft Azure?

Start Today