By Sean | January 8, 2018
Spectre and Meltdown
We are closely monitoring the emerging situation with the recently announced Spectre and Meltdown vulnerabilities that affect most modern computer processors.
Our hosting partner (Sitehost) is working closely with hardware manufacturers and operating system providers eg, Microsoft Windows to mitigate potential exposure to these vulnerabilities. (See this link for progress - http://www.sitehost-status.net/ )
Of these two vulnerabilities, Meltdown can be satisfactorily patched with standard operating system updates and these updates are expected to be available to test and apply within the next few days. (See linked articles below for more info)
Here at i-lign, we customarily apply security patches on a weekly basis on Sunday evenings to minimise disruption to users. During this event, we expect to be restarting i-lign during the week (we plan that restarts will be occurring outside of core business hours). We have a rollback plan in case of serious problems with the patches and we will be testing these patches in our test environment prior to deploying them to our hosted customers.
The Spectre vulnerability is significantly more complicated to mitigate against and the fixes are likely to occur over an extended period of time. The good (or slightly more reassuring) news is that Spectre vulnerabilities are reportedly much more difficult to exploit.
Update 15 Jan 2018
Over the weekend we have rolled out tested fixes to our hosted servers and our office infrastructure here in Wellington.
Sitehost published an update on Friday afternoon to advise their testing programme is progressing well with an ETA for patching their underlying architecture looking to be early to mid this week (16 or 17 Jan). Definite timing will be released by Sitehost as their plans evolve.
What can I do?
Allow your PC to go ahead with security updates - don’t postpone your Windows/Mac/Linux Updates :-)
Further reading for those inclined