We’ve been watching the scene unfold around the Spectre and Meltdown vulnerability disclosures over the past few days. If you are not aware, there are potential exploits that revolve around nearly all modern CPU’s that for a hosting provider mostly affect shared and VPS/Cloud services. If you want to learn more about these vulnerabilities, there are two excellent websites you can visit:
https://spectreattack.com/
https://meltdownattack.com/
The good news is that so far there have been no reports of this being exploited in the wild. As it stands, it is just a proof of concept. However, because a working proof of concept exists, it is only a matter of time before an exploit is developed using these concepts. Keeping customers secure is one of our top priorities at EZP.
Fixing Spectre and Meltdown require a kernel patch and a reboot. Thankfully both vulnerabilities are fixed at once. We did see some hastily prepared and released kernel patches come out yesterday (january 4th, 2018) but they were causing issues in our testing. Apparently we were not the only provider seeing the issue as stable patches have been released. As such, we are now in the process of patching servers.
You may notice services go offline as we patch and reboot servers. We do not expect these reboots to cause more than a few moments of service interruption for affected clients.