Intel CPU vulnerabilities uncovered
Yesterday, on January 3rd, 2018, Intel confirmed information regarding independent research findings that have uncovered security vulnerabilities in their processors. Further research has shown that this affects all modern processors, including models used by UpCloud and other cloud service providers. The CPU vulnerabilities may allow an attacker to escape the confinement of the Virtual Machine guest operating system’s memory and allow attackers to gather sensitive data from the underlying computing device.
Since a key component in virtualized environments is the ability to isolate access to the guest operating systems only, patching this vulnerability is of major importance. Our engineers have been actively investigating and researching the vulnerability since it was discovered.
We have been preparing to roll-out global security updates at an accelerated pace to our underlying cloud infrastructure environment in the coming days. The emergency maintenance window will be further communicated on our status page. (Please subscribe to the status page to receive notifications of future updates!)
These updates will, unfortunately, affect a portion of our users’ cloud servers in the manner of scheduled reboots, but we aim to resolve this as seamless and disruption-free as possible for all our users.
In the meantime, we recommend all users to often and regularly check for security updates to their cloud servers operating system and install any recommended updates. And should you have any further questions, please don’t hesitate to contact our support staff.
Information regarding Foreshadow, the Intel L1 Terminal Fault vulnerability - UpCloud
[…] to the Spectre and Meltdown vulnerabilities, users should also upgrade the operating systems on their cloud servers as the fixes become […]