In early January 2018, severe security vulnerabilities in modern processors were publicly disclosed: Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715). These vulnerabilities allow attackers to read sensitive data from memory.
Affected Systems
The security vulnerabilities affect nearly all modern processors:
- Meltdown: Primarily Intel processors from the last 20 years
- Spectre Variant 1: Intel, AMD, and ARM processors
- Spectre Variant 2: Intel, AMD, and ARM processors
Actions Taken by INGATE
Our technical team began patching all systems immediately after the vulnerabilities became known:
- Managed Server: All managed service customers have already been provided with the latest kernel updates and microcode updates. Patches were applied outside of regular maintenance windows to ensure security as quickly as possible.
- Colocation & Bare Metal: Customers managing their own servers were notified by email about the necessary patches and provided with recommended actions.
- Cloud Infrastructure: The hypervisor layer of our cloud platform has been fully patched. Guests should additionally update their operating systems.
Performance Impact
The security patches may lead to performance reductions of 2-10% depending on the workload. In most use cases, the impact is minimal. For I/O-intensive workloads, the impact may be higher.
Recommendations
We recommend that all customers update their systems promptly. Managed service customers do not need to take any further action — we have already applied the patches. If you have questions or concerns, our technical team is available at info@ingate.de.
