Greetings for the day !!!
As many of you will know, last week saw publication of a new set of security vulnerabilities affected hardware and software vendors were made aware back in July 2017 with the original public disclosure date set for January 9th 2018, but instead it was made public early on January 3rd.
Earlier last week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer. These are being known as “Meltdown” and “Spectre”. These vulnerabilities can affect Hosting Centre and many other service providers. Since becoming aware of these vulnerabilities, Hosting Centre Support Team has been working diligently to plan and implement the best resolution for our customers. Our security and development teams have been working with our vendors to deploy the required updates to mitigate vulnerabilities.
What are these vulnerabilities?
Spectre can manipulate a process into revealing its own data, while Meltdown can exploit a process to read memory assigned to the Kernel or other processes, even if its not normally allowed to do so.The vulnerabilities are known to affect primarily Intel processors, although Spectre can be used against Intel, AMD and many ARM processors.It affects Linux, Windows, macOS, and can affect embedded devices such as smart TV's.Raspberry Pi's are not vulnerable.
They are both hardware bugs that allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs. However, when exploited, “Meltdown” and “Spectre” allow this normally secret information to be read by any software that’s asking for it. “Meltdown” breaks the isolation between programs and the underlying operating system, while “Spectre” breaks the isolation between running programs.
Many modern operating systems have already announced or released patches to mitigate the risks of these vulnerabilities. Based on the requirements of many, if not all, of these patches, it will be required to reboot affected customers’ servers. We will be scheduling these reboots, and updating affected customers prior to them taking place.
Some operations require a reboot of the machine, which could cause an interruption of service for a short time. Restarting of some services has already begun, so that we can apply the first tested and approved stability patches to our systems, both in the operating systems of the machines and their kernel as well as in the microcode.
Presently, we are continuing to monitor the situation for further information and will be updating our customers as more information becomes available. Our customers’ security and environments are a top priority, and we can assure you we have the best team working feverishly to fix these vulnerabilities in the least impactful manner.
Clients should maintain current back-ups of important files and web data/databases, so that in case of any infection, the data loss can be prevented.
Friday, January 5, 2018