FOLLOW US ON TWITTER

12 JAN 2018

SECURITY UPDATE: SPECTRE AND MELTDOWN VULNERABILITIES

SECURITY UPDATE: Spectre and Meltdown vulnerabilities

Hi ~okeanos users,

Early this month, security researchers reported two critical vulnerabilities: Spectre and Meltdown. These vulnerabilities allow attackers to access sensitive information (such as passwords), due to a design flaw, which affects Intel, ARM and some AMD processors. Specifically, Meltdown allows a process to bypass the mechanisms that isolate it from accessing the memory address space of other processes and the operating system. Respectively, with Spectre a process can access arbitrary memory locations of other related processes.

In order to protect the virtual machines, the physical nodes of ~okeanos have been patched with all the currently available security updates, with no service interruption. Furthermore, to better protect your virtual machines, we urge you to perform all the available security and kernel updates, as well as security updates on various applications such as web browsers, as soon as possible.

For a more thorough explanation on this subject, we suggest you read the following :

  • https://docs.ovh.com/fr/dedicated/meltdown-spectre-kernel-update-per-operating-system/
  • https://spectreattack.com/
  • https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/
  • https://www.enisa.europa.eu/publications/info-notes/meltdown-and-spectre-critical-processor-vulnerabilities
  • Stay safe,
    the ~okeanos team

    posted by okeanos on Jan. 12, 2018, 3:18 p.m., filed under all , security , spotlight , cyclades

    < Back