On January 3, Microsoft issued a patch to address a number of issues, including a security vulnerability that has existed for 10 years, but was only recently discovered. Linux and Apple have also released patches this week.
The security threats are named Meltdown and Spectre and affect processing chips made by Intel, AMD and ARM. The vulnerability exploits a processor technique called speculative execution that was designed to speed up the central processing unit (CPU) by making an educated guess on what will happen next based on the sensitive data it has. As the chip guesses, that sensitive information is momentarily easier to access.
Meltdown lets attackers access the secret information through a computer’s operating system and Spectre could let attackers trick the processor into starting the speculative execution process so that they could read the secret data the chip makes available as it tries to guess what function the computer will carry out next.
The greatest threat is to multi-tenant scenarios where multiple Amazon Web Services or Microsoft Azure customers have their virtual machines (VM) on the same CPU and one user is able to peek into the contents of another VM. And the greatest downside of the software updates is that they may slow devices by as much as 30%, depending on workload.
If you are a managed client at US Cloud, rest easy. We immediately patched our servers, and we have continued to monitor our network since then for any performance issues so that we can proactively provide you recommendations for scaling infrastructure to avoid latency.
If you are an unmanaged client at US Cloud, we strongly urge you to install updates for all of your operating systems.
To unburden your team of patching and other infrastructure maintenance, or if you would like to migrate any workloads from a multi-tenant scenario to a secure, private, single-tenant, dedicated cloud with 24/7 all-USA-based support, please contact us to discuss your needs.