What are Meltdown and Spectre and Are You at Risk?

This week, security researchers announced the discovery of two critical security vulnerabilities in essentially every computer processor manufactured over the last 20 years. The vulnerabilities are known as Meltdown and Spectre, and they take advantage of an architectural flaw in processors manufactured by Intel and AMD, as well as those built on ARM architectures.

The situation is still developing, but due to the potential seriousness of the vulnerabilities, and the wide range of processors potentially impacted by them, SingleHop is taking proactive measures to protect customers. This post outlines the situation and the actions we are undertaking.

What are Meltdown and Spectre?

Meltdown and Spectre are bugs at the architecture level of CPUs that allow data to be exposed. Any modern Intel processor should be presumed to be affected. Please note that at this time there is no evidence attackers have successfully exploited Meltdown or Spectre. For general and technical details, as well as answers to other common questions, please visit: https://meltdownattack.com/

Who is impacted by Meltdown and Spectre?

Basically any device manufactured in the past 20 years, including every Intel processor currently sitting on store shelves anywhere in the world, are potentially at risk due to this flaw. This includes all virtual machines, all bare metal servers, and all hosting accounts at every provider, world-wide. Personal devices like home computers and cell phones are also affected.

Am I at risk?

While the vulnerability has been discovered, we are not aware of any information at this time to suggest that malicious exploits for these vulnerabilities have been developed or used in the wild, but due to the nature of the vulnerabilities themselves, there is no way to tell as no logs are kept at the processor level.

How is SingleHop protecting its data centers and services?    

Our team of engineers and security experts are actively working with technology partners to protect customers and internal systems from these newly discovered vulnerabilities. All operating system (OS) vendors are in the process of developing and releasing patches, and we anticipate these to become available within the course of the upcoming days/weeks.

We are closely examining any developments around possible exploits of these vulnerabilities, and simultaneously taking rigorous steps to ensure all updates occur with minimal impact to service availability.

Please visit OT.SingleHop.com and subscribe for status updates and patch availability.

What patches are already available?

A list of vendor updates and advisories can be viewed here.

What is SingleHop doing for customers, exactly?

Following testing, we will patch all of our internal systems and all shared infrastructure used by more than one customer (e.g. public cloud systems, storage systems).  As patches become available for bare metal servers, we will be contacting bare metal (dedicated server) clients to schedule updates. For fully managed services customers, our team is in full swing to ensure patches are implemented quickly and efficiently. Customers using SingleHop AI will automatically be patched as soon as a patch is available for their OS.

What else should I know?  

It’s important to note that due to the unique nature of Meltdown and Spectre, it will most likely take time for researchers to understand the full scope of any resulting vulnerabilities, as well as for vendors to issue patches that optimally solve the exploits. Some early patches, for instance, may affect application performance.  

Award-Winning Support

Explore SingleHop
Read Also:
What is the GDPR and How Do I Ensure My Business is Compliant? Web App Attacks May Be Your Organization’s Biggest Vulnerability (INFOGRAPHIC) 3 Takeaways from Alert Logic’s 2017 Cloud Security Report
Andy Pace, COO
Andy Pace
COO

Andy Pace has built his career in the Internet infrastructure industry, holding leadership positions at an early age and coming from an in-depth systems engineering and architecture background. This experience helped Andy bec...READ MORE

A really informative article. Explaining risks to clients is always challenging

Outstanding job, Andy!

We Protect Patient Data

get compliant
Recent Tweets

Ready to Transform Your IT Strategy?

From groundbreaking server management software and automation platforms to custom, flexible managed infrastructure solutions, we win customers because we put customers’ unique needs at the center of every solution.

"I feel the customer service is light years better at SingleHop than with my previous provider. I love that I can call the 24 hour support line when things are simply easier to explain on the telephone than in a support ticket. "

Jane, SingleHop Customer

"Wonderful service. We really appreciate your willingness to work with us to help our business succeed. "

Aviva, SingleHop Customer

"As always I can depend on SingleHop Tech Support team for an assist whenever we need them. They’ve exceeded our expectations each and every time for the last 7 years. "

Rodney, SingleHop Customer

"Excellent! Hardware and software are important in this environment but what is truly outstanding is the tech support that comes with it!"

Kenneth, SingleHop Customer

"[The] completed task has made a serious difference in the server’s performance. Thanks for digging deeper. The efforts/findings were so worth the time taken, in my eyes!"

Michael, SingleHop Customer

"The crew is indeed outstanding. Everyone is involved with your case; they respond promptly and accurately.
They are always correct and incredibly fast."

Juliana, SingleHop Customer