Security Advisory: Protect your servers against Meltdown and Spectre

We’re advising all Maxihost customers to update their Intel, AMD and ARM processor-based servers.

Maxihost security advisories are usually sent by email to our customers, but due to the importance of this new vulnerability, we’ve also decided to publish it here.

Incident

Earlier this month a major hardware flaw appears to have been discovered in processors that could potentially have devastating consequences.

The hardware bug causes an Intel, AMD or ARM CPU to prefetch system memory areas and gain control of any application.

Impact

It is understood the bug is present in modern processors produced in the past decade. It allows normal user programs — from database applications to JavaScript in web browsers — to discern to some extent the layout or contents of protected kernel memory areas.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory.

Fix

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. These KPTI patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all.

We urge all customers to apply the latest security patches for their Operating systems. Linux programmers, Microsoft and Apple have all already released emergency security updates for some versions of their OSs.

Cloud and Managed Solutions customers can expect Maxihost’s Security team to apply all current and upcoming security patches.

If you’re interested in how you can protect your infrastructure from this and other vulnerabilities, learn about our newest product: Hardware Firewall.