Earlier this week, multiple vulnerabilities were released that affect nearly every modern server and desktop computer. These are being known by the monikers as “Meltdown” and “Spectre”. These vulnerabilities affect AlpineWeb and many other service providers. Since becoming aware of these vulnerabilities, AlpineWeb's service provider Liquid Web has been working to plan and implement the best resolution for our customers. Liquid Web's security and development teams have been working diligently to deploy the required updates to mitigate vulnerabilities.
So, what are these vulnerabilities? They are both hardware bugs that allow information being processed on a computer, or server, to be obtained by non-privileged programs. Normally, programs are prohibited from reading data in use by other programs. However, when exploited, “Meltdown” and “Spectre” allow this normally secret information to be read by any software that’s asking for it. “Meltdown” breaks the isolation between programs and the underlying operating system, while “Spectre” breaks the isolation between running programs.
Many modern operating systems have already announced or released patches to mitigate the risks of these vulnerabilities. Based on the requirements of many, if not all, of these patches, it will be required to reboot our affected customers’ servers. We will be scheduling these reboots, and updating affected customers prior to them taking place.
Presently, we are continuing to monitor the situation for further information and will be updating our customers as more information becomes available. Our customers’ security and environments are a top priority, and we can assure you we have the best team working feverishly to fix these vulnerabilities in the least impactful manner.
Saturday, January 6, 2018