This is an update to our previous post.
We’ve had an incredibly busy couple of days and wanted to take a few minutes to provide an update on where Future Hosting stands with Meltdown & Spectre patching.
As is often the case with this kind of situation, the landscape has evolved a bit since our original posting. The most notable change is that there is an increasing amount of Proof-Of-Concept (POC) code in distribution that demonstrates taking advantage of the Meltdown & Spectre vulnerabilities. This raises the threat posed by the vulnerabilities, as quite often these POCs are used as the basis for creating malicious exploits. At this time, however, neither we nor the industry peers we work with have seen any targeted attacks or exploits against these vulnerabilities.
Further, we now have a clearer understanding, and consensus among industry peers, on how to adequately patch for the vulnerabilities. In short, there are two levels of patching required: one is an OS-level kernel update and the other is a software update to the physical processor, called a microcode update. To patch effectively over the longer term, both must be applied; however, the criticality of the OS-level kernel update cannot be overstated, as it begins to narrow the scope of how these vulnerabilities can be leveraged.
In the last 48 hours, we’ve applied kernel updates and reboots to 91% of our customer systems with Future Engineer Pro across our global presence through 4 emergency maintenance windows. The remaining systems to patch are those which had conditions that did not allow for immediate patching, or those for clients on unmanaged systems that open tickets with us.
The processor microcode updates take a different form, traditionally as BIOS updates that can be fraught with risk. However, the Linux kernel provides a ‘microcode loader’ feature that can update the processor microcode on boot (after BIOS POST) in a far less risky fashion. This is our preferred approach and that of the larger part of our industry peers. However, these microcode updates will require a reboot even when applied by the kernel microcode loader.
We’ve received updated microcode packages for a select few processor types, namely the Intel Haswell, Broadwell, and Skylake architectures. As such, when applying kernel updates and reboots across our platform, we’ve been updating the microcode as well.
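The two patch layers described above (the kernel update and the microcode applied by the kernel's loader) can each be checked from a shell after the reboot. The following is an added example, not Future Hosting's tooling; it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (not every patched kernel does), and the function names, the sample tree and the `0x1` revision are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the kernel layer and the microcode layer separately.
# Each function takes an optional root prefix so it can run against a copied
# or constructed tree; with no prefix it reads the live /sys and /proc.

# Kernel layer: print "name: status" per entry. Returns 1 if any entry still
# reports "Vulnerable", 2 if the kernel does not expose the directory.
kernel_layer() {
    dir="${1:-}/sys/devices/system/cpu/vulnerabilities"
    [ -d "$dir" ] || return 2
    kl_rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")
        echo "$(basename "$f"): $status"
        case $status in Vulnerable*) kl_rc=1 ;; esac
    done
    return "$kl_rc"
}

# Microcode layer: distinct revisions reported by the running CPUs.
microcode_revisions() {
    awk -F': *' '/^microcode/ { print $2 }' "${1:-}/proc/cpuinfo" | sort -u
}

# True only if every CPU reports exactly the expected revision. The expected
# value must come from the CPU vendor's release notes for your model.
microcode_is() {
    [ "$(microcode_revisions "${2:-}")" = "$1" ]
}

# Constructed sample tree: kernel patched for Meltdown, Spectre v2 still open,
# two cores on the same placeholder microcode revision (0x1).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/devices/system/cpu/vulnerabilities" "$t/proc"
    echo "Mitigation: PTI" > "$t/sys/devices/system/cpu/vulnerabilities/meltdown"
    echo "Vulnerable" > "$t/sys/devices/system/cpu/vulnerabilities/spectre_v2"
    printf 'processor\t: 0\nmicrocode\t: 0x1\nprocessor\t: 1\nmicrocode\t: 0x1\n' \
        > "$t/proc/cpuinfo"
    echo "$t"
}
```

On a live host, call `kernel_layer` and `microcode_revisions` with no argument; a host that has the new kernel but an old microcode revision has only the first layer applied.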
Last but certainly not least, a very big thank you goes out to everyone here at Future Hosting who has been directly or indirectly involved in these patching efforts. It has been an absolute pleasure to see our teams come together to pool resources, keep each other motivated and grind through these updates. This is not an easy time for anyone in the technology space, but having some of the best talent in the industry, and people who commit themselves without question, makes it a little easier to get through the long nights.
We appreciate your understanding and patience as we complete this process. If you have any questions or concerns, please reach out to our Support team via https://my.futurehosting.com.