Yesterday (January 4, 2018) news broke about vulnerabilities affecting AMD, Intel, and ARM CPUs. These vulnerabilities, termed Meltdown and Spectre, have the potential to expose information that computers/servers process. What's worse, it's the type of information that most applications rather keep safe (like secret keys, passwords, etc.).

Original article about this @ The Register.

At this point, it appears that VMware is not vulnerable to Meltdown; however, they have released patches for Spectre. It has been speculated that patching the flaws will cause performance hits, however, to what degree varies by reporting source. Our preliminary tests show no impact on most workloads.

As per VMware Security Advisory VSA-2018-0002 we have already patched all of our systems at Cloud Propeller.

As your workloads are running on top of our infrastructure, there is no immediate need for you to worry about patching your guest operating systems. With our patch, you should now be as safe as you can be - as other clients of our Infrastructure as a Service cannot snoop your application's data.

You should, however, take the time to learn about this issue, and patch your guest operating sytems in order to protect your data from applications running on your own systems. For example, if your system is compromised (by a virus which exploits this kind of vulnerability), the bad-actors in question could access your application's private data.

If you have any questions or concerns, please open up a support ticket and we'll assist.

Wishing you all a wonderful, Happy and Safe New Year!

All best,

Petar Smilajkov
President & CEO
Cloud Propeller, Inc.

Friday, January 5, 2018

« Back