Network and Server Status


Server status and upgrade notifications via RSS feed

Hostek Response on Meltdown/Spectre

Thursday, January 04, 2018

   This RSS feed provides general information, Hostek's response, and plan of action regarding the CPU vulnerabilities disclosed in the Meltdown and Spectre Common Vulnerabilities and Exposures (CVE) entries.

    Meltdown is a vulnerability that breaks through the isolation between user applications and the operating system. This attack allows a program to access memory pages that it is not normally allowed to access, and potentially observe user keys, passwords, and other information stored in RAM or a processor's caches. Hostek's hypervisor(s) hosting customers' VPSs or Shared Servers are not affected by this vulnerability, as they do not run untrusted user mode code. Customer VPSs and Shared Servers are not affected by this vulnerability, but additional investigation by Hostek staff and administrators is still underway. Additional information and references for this vulnerability can be found here:
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
   
    Spectre is a pair of vulnerabilities that target machines utilizing speculative execution and branch prediction (both direct and indirect) and that may allow unauthorized disclosure of information, given local user access, via side-channel analysis. Spectre breaks the isolation between disparate applications on a system. Patching of Hostek systems is underway now and will not affect the running state of customer VPSs or Shared Servers, but guest operating systems running ON customer VMs ARE affected, and local patching of Microsoft Windows operating systems is a little more involved. Windows patching involves coordination with Anti-Virus protection, which is being investigated as this post is being submitted. Resolution is expected soon, and will involve a restart due to Microsoft updates. cPanel managed Linux virtual machines patch nightly in a non-service-interrupting fashion, but this update will require a kernel update followed by a reboot. Spectre vulnerability patches for CentOS 6/7 will be deployed this evening. Additional information and references for this vulnerability can be found here:
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753

    The first stated vulnerability affects all systems that utilize Intel x86 CPUs post-Pentium 4, and the second stated vulnerability affects other CPUs (Intel, AMD, ARM). While Hostek does not support customer personal machines, we strongly recommend contacting your system and operating system vendors for required patching, instruction, and information. General information about both of these vulnerabilities can be found at the following external website:
        https://meltdownattack.com/
       
    As always, if you have any questions or concerns about any of these issues regarding services with Hostek, please feel free to contact support at:
        https://support.hostek.com
            and
        [email protected]