Spectre and Meltdown Vunerabilities

 Friday, January 5, 2018

We are presently working on patching the recently released vulnerabilities known as "Meltdown" and "Spectre", on our entire server infrastructure and datacenter. 

All servers will be patched and automatically rebooted over the next 72 hours. Due to the severity of these vulnerabilities, we are unable to schedule the patching and reboot process. 

We have you covered and no action is required from you at this time. 

 

More information on these vulnerabilities:

Earlier this week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer.  These are being known by the monikers as “Meltdown” and “Spectre”.  These vulnerabilities affect XMLA and many other service providers.  Since becoming aware of these vulnerabilities, XMLA has been working diligently to plan and implement the best resolution for our customers. Our security and development teams have been working with our vendors to deploy the required updates to mitigate vulnerabilities. 

So, what are these vulnerabilities? They are both hardware bugs that allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs. However, when exploited, “Meltdown” and “Spectre” allow this normally secret information to be read by any software that’s asking for it. “Meltdown” breaks the isolation between programs and the underlying operating system, while “Spectre” breaks the isolation between running programs.

Many modern operating systems have already announced or released patches to mitigate the risks of these vulnerabilities.  Based on the requirements of many, if not all, of these patches, it will be required to reboot affected customers’ servers.  

Presently, we are continuing to monitor the situation for further information and will be updating our customers as more information becomes available. Our customers’ security and environments are a top priority, and we can assure you we have the best team working feverishly to fix these vulnerabilities in the least impactful manner.

The vulnerability announcement and applicable white papers are available at:https://meltdownattack.com/

 

We are available to assist with any questions or concerns via email at support@xmla.com or by phone at (818)-985-2464, Further updates will also be posted to  https://www.xmlahost.com/announcements.php

 

Mike Austin

XMLA

www.xmla.com