In recent days, there has been significant media coverage concerning two published vulnerabilities concerning modern CPU architectures which are being referred to as Spectre and Meltdown.
These vulnerabilities break isolation between applications and operating system kernels (Meltdown) and between applications themselves (Spectre) which is essential in protecting sensitive information from unauthorised exposure.
While these vulnerabilities are the result of CPU design flaws, they must be mitigated through software.
What is Zettagrid doing?
Since becoming aware of the vulnerabilities, Zettagrid has been assessing the risk and exposure of Spectre and Meltdown to our infrastructure and working with vendors to ensure that appropriate mitigations are in place.
Remediation is ongoing and some services will require some scheduled maintenance to apply applicable patching and customers will be notified trough the Zettagrid Status Page.
What do customers need to do?
It’s important to understand that while patching is necessary at an infrastructure level, customers must patch their operating systems and in some cases, applications to ensure adequate protection.
Patches have, or soon will be released by major software vendors to help mitigate the vulnerability.
Up to date information on Spectre and Meltdown including links to statements and mitigation resources from major vendors is available from https://meltdownattack.com/
Zettagrid continues to work with hardware and software vendors to help ensure mitigation and will post further updates as they become available.
Jan 8, 09:04 AWST