How We’re Handling the Meltdown / Spectre CPU Vulnerability

A vulnerability has been announced that impacts nearly all modern CPU architectures which could allow an attacker to access raw data at the kernel level. We are taking the necessary steps to apply the available patches to our systems and will continue to apply any critical updates as they’re made available by our upstream vendors.

The vulnerabilities, named Meltdown and Spectre, expose flaws in the mechanisms meant to prevent access to this raw data, meaning sensitive and otherwise encrypted information can be accessed and read in plaintext. The architecture (when working properly) is supposed to create untouchable spaces which isolate any data passed at that level of the system from the rest of the OS / system. The Meltdown and Spectre exploits have found a way to bypass those protections and make it possible for an attacker on an unpatched system to access and read that data.

Our systems and security teams will continue to monitor this situation and we will apply patches to our servers as soon as they’re available from our upstream vendors. For anyone interested in more reading about this issue:

Meltdown and Spectre overview, FAQ, and proof of concept
Spectre: CVE-2017-5715 and CVE-2017-5753
Meltdown: CVE-2017-5754
Google Project Zero blog post

This entry was posted in General. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *