UPDATED 8 February 2018
Please read the following update on patches to these security vulnerabilities. We are currently 90% completed on all servers.
CentOS 7 – The patch has been released and we are currently installing on all servers, at which point a reboot will be performed to activate the patch.
CentOS 6 – The patch has been released and we are currently installing on all servers, at which point a reboot will be performed to activate the patch.
CentOS 5 – For the limited clients left on CentOS 5 no patch will be made available. We recommend clients upgrade to CentOS 7 or STORM (Ubuntu). We will be contacting clients individually.
Windows – Patches for all windows servers are covered within the windows updates, so please check that auto updates is enabled on your server, or perform a manual update if preferred to make sure the patch has been installed.
Ubuntu (STORM) – The patch has been released as of yesterday, and we are currently working through all servers, where the patch will be installed and the server rebooted to activate the patch.
If you have any questions about the installation of these patches on your server, please do not hesitate to get in touch with us.
ORIGINAL ARTICLE: As you may already be aware Google have discovered two security flaws in Intel processors late last year, 2017. These flaws have been called Meltdown and Spectre.
Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.
Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. This vulnerability is harder to exploit than Meltdown but is also harder to mitigate.
Both of these flaws affect a high volume of computers worldwide including desktop PCs, Macs, servers and possible devices including ARM processors like iPhones/iPads and Android devices. To be affected these devices can be running either Windows or Linux.
Linux (CentOS and STORM Ubuntu)
We are currently waiting for patches to be issued. These will update automatically but servers will need to be rebooted. We will update this blog article once the patches have been issued.
Microsoft has released patches for Windows and will be applied automatically if you have Windows Auto Update enabled. If not we recommend enabling Windows Update. Windows should automatically reboot the server although it is advisable to do this anyway.
If you have any follow up questions please feel free to contact us.