Intel Meltdown and Spectre Security Vulnerabilities

Tim .

UPDATED 11 January
Please read the following update on patches to these security vulnerabilities.

CentOS 7 – The patch has been released and we are currently installing on all servers, at which point a reboot will be performed to activate the patch.

CentOS 6 – The original patch released for this version has been found to cause issues to the server once rebooted, so we are currently awaiting a new patch to be released, at which point it will be tested and as long as no problems are found, will be installed and a reboot will be required. We will advise further once the patch becomes available.

CentOS 5 – For the limited clients left on CentOS 5 no patch will be made available. We recommend clients upgrade to CentOS 7 or STORM (Ubuntu). We will be contacting clients individually.

Windows – Patches for all windows servers are covered within the windows updates, so please check that auto updates is enabled on your server, or perform a manual update if preferred to make sure the patch has been installed.

Ubuntu (STORM) – The patch has been released as of yesterday, and we are currently working through all servers, where the patch will be installed and the server rebooted to activate the patch.

If you have any questions about the installation of these patches on your server, please do not hesitate to get in touch with us.


 

ORIGINAL ARTICLE: As you may already be aware Google have discovered two security flaws in Intel processors late last year, 2017. These flaws have been called Meltdown and Spectre.

Meltdown breaks the most fundamental isolation between user applications and the operating system. This attack allows a program to access the memory, and thus also the secrets, of other programs and the operating system.

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre. This vulnerability is harder to exploit than Meltdown but is also harder to mitigate.

Both of these flaws affect a high volume of computers worldwide including desktop PCs, Macs, servers and possible devices including ARM processors like iPhones/iPads and Android devices. To be affected these devices can be running either Windows or Linux.

Linux (CentOS and STORM Ubuntu)

We are currently waiting for patches to be issued. These will update automatically but servers will need to be rebooted. We will update this blog article once the patches have been issued.

Windows

Microsoft has released patches for Windows and will be applied automatically if you have Windows Auto Update enabled. If not we recommend enabling Windows Update. Windows should automatically reboot the server although it is advisable to do this anyway.

If you have any follow up questions please feel free to contact us.

×