What are Meltdown and Spectre and Are You at Risk?
This week, security researchers announced the discovery of two critical security vulnerabilities in essentially every computer processor manufactured over the last 20 years. The vulnerabilities are known as Meltdown and Spectre, and they take advantage of an architectural flaw in processors manufactured by Intel and AMD, as well as those built on ARM architectures.
The situation is still developing, but due to the potential seriousness of the vulnerabilities, and the wide range of processors potentially impacted by them, SingleHop is taking proactive measures to protect customers. This post outlines the situation and the actions we are undertaking.
What are Meltdown and Spectre?
Meltdown and Spectre are bugs at the architecture level of CPUs that allow data to be exposed. Any modern Intel processor should be presumed to be affected. Please note that at this time there is no evidence attackers have successfully exploited Meltdown or Spectre. For general and technical details, as well as answers to other common questions, please visit: https://meltdownattack.com/
Who is impacted by Meltdown and Spectre?
Basically any device manufactured in the past 20 years, including every Intel processor currently sitting on store shelves anywhere in the world, are potentially at risk due to this flaw. This includes all virtual machines, all bare metal servers, and all hosting accounts at every provider, world-wide. Personal devices like home computers and cell phones are also affected.
Am I at risk?
While the vulnerability has been discovered, we are not aware of any information at this time to suggest that malicious exploits for these vulnerabilities have been developed or used in the wild, but due to the nature of the vulnerabilities themselves, there is no way to tell as no logs are kept at the processor level.
How is SingleHop protecting its data centers and services?
Our team of engineers and security experts are actively working with technology partners to protect customers and internal systems from these newly discovered vulnerabilities. All operating system (OS) vendors are in the process of developing and releasing patches, and we anticipate these to become available within the course of the upcoming days/weeks.
We are closely examining any developments around possible exploits of these vulnerabilities, and simultaneously taking rigorous steps to ensure all updates occur with minimal impact to service availability.
Please visit OT.SingleHop.com and subscribe for status updates and patch availability.
What patches are already available?
A list of vendor updates and advisories can be viewed here.
What is SingleHop doing for customers, exactly?
Following testing, we will patch all of our internal systems and all shared infrastructure used by more than one customer (e.g. public cloud systems, storage systems). As patches become available for bare metal servers, we will be contacting bare metal (dedicated server) clients to schedule updates. For fully managed services customers, our team is in full swing to ensure patches are implemented quickly and efficiently. Customers using SingleHop AI will automatically be patched as soon as a patch is available for their OS.
What else should I know?
It’s important to note that due to the unique nature of Meltdown and Spectre, it will most likely take time for researchers to understand the full scope of any resulting vulnerabilities, as well as for vendors to issue patches that optimally solve the exploits. Some early patches, for instance, may affect application performance.
Leave a Comment