Meltdown and Spectre

Wednesday 10 January 2018

article

Critical OS Security Vulnerabilities

Two critical security vulnerabilities, known as Meltdown and Spectre, have recently been disclosed which affects many modern operating systems and processors.

Meltdown

Breaks the most fundamental isolation between user applications and the operating system.

This vulnerability allows a program to access the memory, and the data of other programs and the operating system.

Spectre

Breaks the isolation between different applications, allowing an attacker to trick error-free programs, which follow best practices into leaking data.

What is being done?

Operating system vendors have released patches to prevent these vulnerabilities being utilised as an attack vector, and these patches were installed for managed customers only as they became available.

Intel, AMD, and ARM are working on releasing further fixes for their vulnerable CPUs, however, due to the nature these identified vulnerabilities it is not possible to guarantee the issue has been fully mitigated.

Working with our hardware vendors, we will look at rolling out further fixes as they become available. This work may involve the roll out of a new BIOS Firmware that will need installing on all servers, this will result in servers being taken offline, and all customers will be contacted directly by email to arrange scheduling.

CWCS will notify customers regarding system reboots on our production servers via our status website.

More information

If you would like to discuss this update, or you are a non-managed customer and would like your server patched, please call 0808 133 3247 or submit a support ticket.

The CWCS support team are on hand 24/7/365 to assist with your enquiry.

For detailed information on the vulnerability, how it was discovered, and how it can be used, see Project Zero team at Google.

 

cwcs

CWCS are here to look after your online infrastructure, so you can look after your business!

Return to blog page

Put Your Servers In Safe Hands With Our Supreme Cloud Hosting

View our services to see which of our hosting options best suits your needs.

ISO 27001 Certified

Compliant to ISO 9001:2015 & ISO 27001:2013, CWCS is independently audited for your assurance that you will receive the highest level of quality, and will ensure your information secure, intact, and only available to those authorised to access it.

G-Cloud Supplier

The UK Government G-Cloud is an initiative targeted at easing procurement by public-sector bodies in departments of the UK Government of commodity information technology services using cloud computing.

Cyber Essentials

Cyber Essentials certifiication demonstrates our commitment to cyber security. Government and industry have worked together to produce a set of standards which helps organisations safeguard against the most common cyber threats.

Call us on 0800 1 777 000 or email us at sales@cwcs.co.uk