SimplerCloud Pte Ltd


News: Security Advisory: CPU Vulnerabilities - Meltdown and Spectre

Published: 10/01/2018

CRITICAL VULNERABILITIES FOUND - MELTDOWN AND SPECTRE


MELTDOWN and SPECTRE are two major vulnerabilities made public in the first week of January 2018, with serious impact on practically all major CPUs.

More information about the Meltdown and Spectre vulnerabilities:


https://meltdownattack.com/
https://googleprojectzero.blogspot.sg/2018/01/reading-privileged-memory-with-side.html
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
https://www.qemu.org/2018/01/04/spectre/




WHAT YOU MUST DO TO PROTECT YOUR SERVERS


All customers are strongly advised to update and patch their servers' operating systems to mitigate the impact of the vulnerabilities at the guest OS level.


Here are the basic instructions, depending on your service plan with SimplerCloud. Please open a support ticket by logging into our client area portal and going to Support > Open New Support Ticket so we can assist you further.

Simple Servelet and Virtual Private Cloud Customers
- Update your operating system

Dedicated Server Customers
- Update your operating system

Dedicated Private Cloud Customers
- Update your operating system

Customers who are running their own custom ISO should continue to follow security best practices and apply security updates to their images.


 


UPDATING YOUR OPERATING SYSTEM


- On Windows Servers:

1. Run Windows Update to install the latest patches. Restart the server for the new patches to take effect.


2. Modify some registry settings to enable protections on the server.


To enable the fix:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f

reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f


More information:

https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution


- On Ubuntu/Debian systems:

apt-get update
apt-get dist-upgrade


Restart the server for the new patches to take effect.


- On CentOS systems:

yum update

Restart the server for the new patches to take effect.
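After the restart on an Ubuntu/Debian or CentOS server, the running kernel can be asked whether the mitigations are actually active, which also catches an update that was installed but never rebooted into. The script below is an added example, not part of SimplerCloud's instructions; it assumes the kernel exposes the /sys/devices/system/cpu/vulnerabilities directory, and the function names are illustrative.

```sh
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation state of the RUNNING kernel.
# Assumption: the kernel exposes the sysfs directory below; kernels that lack
# it are reported as such (update not installed, or server not yet restarted).
VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# classify_status TEXT: map a sysfs status line to one keyword.
classify_status() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# check_mitigations DIR: print one line per issue.
# Returns 0 if all are mitigated or not affected, 1 if any is vulnerable or
# unknown, 2 if DIR does not exist.
check_mitigations() {
    dir="$1"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir"
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            text=$(cat "$dir/$name")
            state=$(classify_status "$text")
        else
            text="(no entry)"
            state="unknown"
        fi
        printf '%-11s %-13s %s\n' "$name" "$state" "$text"
        case "$state" in
            mitigated|not-affected) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Check this host; non-zero means at least one issue is not mitigated.
check_mitigations "$VULN_DIR" || echo "ACTION NEEDED: not all issues are mitigated on the running kernel"
```

The status lines describe the kernel that is currently booted, so run the script again after every kernel update and restart.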


 


NOTE ON SIMPLERCLOUD INFRASTRUCTURE UPDATE

Following the release of the latest information from OS and vendors, the latest patches and updates are being rolled out as soon as they are released and tested.  Some updates may require us to stop and restart customers' servelets or private clouds as they are applied. Individual customer notifications should be made when this is the case. Depending on the complex nature of each vulnerability and reports from the industry, there may be multiple updates over the next few months.

We must make it clear that vendor updates are being applied as they are released but because of the conflicting nature of reports about patches, our cloud infrastructure is not affected by all aspects of the vulnerability. We are continuing to keep up with the most current threat landscape and will continue to roll out additional protections to address any potential risks.


Update on 19-Feb-2018: Our cloud infrastructure and all our public facing internal servers are now properly mitigated for Meltdown. We are still working towards proper mitigation for Spectre and will provide further updates once they are available.


Update on 15-May-2018: Our cloud infrastructure is properly mitigated for Spectre v1.