2 Major Security Exploits Discovered
Within the last 24 hours researchers at Google announced two major security threats they discovered which are likely to affect the vast majority of devices from servers, desktops, laptops, cellphones (etc) as well as the devices and operating systems running on them. These threats are known as Spectre and Meltdown and more information can be found on them at www.spectreattack.com. These vulnerabilities affect processors that run “speculative execution.” One exploit (Meltdown) is suspected to affect Intel chips (potentially all that have been made in the past 15-20 years), and the other exploit (Spectre) appears to affect Intel, ARM and potentially AMD chipsets as well (although AMD has denied this in some capacity).
How does this affect our clients?
AWS is the backbone of our infrastructure today and they primarily run on the affected Intel chipsets. AWS has began expediting the patching process and leaving us just a 1-3 hour window of time to notify you before your servers will be rebooted. These last minute maintenance windows are coming in waves and we have been working diligently to keep you informed and updated as soon as we know and will be assisting you in preparing for this event so this occurs with minimal impact to your business.
What should you do?
Standby for confirmation that your server(s) are impacted, we will reach out to you via phone and email to notify you if you are affected. The patch does negatively affect CPU performance by up to ~30% so if you are patched and rebooted, this should be expected.
We also recommend you update the OS on all of your devices running Intel chipsets over the next 24 hours to prevent you from being exploited. If your device is still supported a patch should be rolled out shortly if it does not already exist.
Please open a ticket at tickets.dynamic.com if you have any questions or concerns. You can follow the official news on this exploit by subscribing to our news feed here or at the following locations:
https://newsroom.intel.com/
https://aws.amazon.com/security/security-bulletins/
Your support team,
Dynamic Concepts