Meltdown & Spectre Security Vulnerabilities

Posted:  May 14th, 2018

 

KEKhost/KEKhosting has become aware of security vulnerabilities affecting most known processors. These vulnerabilities were recently exposed by various security experts.

 

These vulnerabilities have been dubbed Meltdown and Spectre.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

"These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents."- meltdownattack.com, January 5th, 2018

 

In most cases, local access to the computer is required to exploit these vulnerabilities. At the time of this writing, there are no known attempts to exploit these vulnerabilities.

 

A potential attacker with unauthorized access could execute malicious code through other applications to access memory from other processes.

 

Following industry best practices, KEK strongly recommends that customers keep their operating systems up to date and ensure that security updates are performed and vendor recommended patches are installed as well.

 

FIX

 

Listed below are links from vendors on how to patch the most popular server operating systems including

 

Ubuntu

Centos

Red Hat Entreprise Linux

Debian

Windows Server

VMWare

 

For operating systems not listed above, customers should contact their vendor for instructions and more information to address these vulnerabilities.

 

FIX IMPACTS

 

Industry feedback has indicated that there is a potential for performance impacts as a result of some patches. The reported impacts vary from minimal to noticeable latency on databases. KEK does not have precise impact details at this time. We will continue to monitor the information available for these vulnerabilities.

 

TECHNICAL INFORMATION

 

For more information and in-depth details please visit https://meltdownattack.com

 

NEXT STEPS

 

KEK takes all vulnerabilities seriously. We are taking precautionary steps internally and with all partners and vendors regarding mitigation.

 

Information about these vulnerabilities is still developing and KEK is in constant communication with its partners and vendors.

 

KEK will keep its customers updated as more information becomes available.

 

As additional information is made available, this page will be updated.