Spectre and Meltdown

As an exception, this blog post is in English to inform all our clients.


News has come out about highly critical vulnerabilities in all Intel CPUs. The vulnerabilities have been codenamed “Meltdown” and “Spectre”.

The publicly available information can be found here: spectreattack.com

The short version is that a highly sensitive vulnerability has been found in nearly all CPUs that could allow:

  1. Users within a server to read memory from other processes, allowing the theft of credentials or sensitive information within a single server;
  2. In virtualized environments, one virtual machine to access the memory space of another virtual machine.

Both are deemed extremely dangerous and critical. The Nucleus team is currently applying all necessary patches to our virtualized environments (VMware & KVM). This should cause no interruption to your running servers.

The patch, however, comes with a performance penalty: additional software logic is introduced to separate kernel and user-space memory in order to combat this vulnerability. Initial benchmarks show a performance penalty ranging between 5% and 30%, depending on the workload.

This essentially means your server – and our hardware – could take a drastic performance hit. We are left with no choice, as data integrity and security are more important than performance, in our view. We are, however, looking at all the options to keep the performance penalty to a minimum. There’s a chance you might not even notice, as it depends heavily on the workload of the machine.

This will affect all Linux, Windows, BSD and other operating systems.

We are currently focusing on patching our hypervisors and cloud environments. Additional patches will have to be applied on each individual server (every virtual machine & dedicated server). We will communicate our action plan regarding those patches as soon as possible.

If you have a managed server at Nucleus, we will take care of all patches and security handling.

If you have an unmanaged server that you control, we urge you to investigate the vulnerabilities yourself and apply all necessary patches as soon as possible. You will need to take action!
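On a Linux server, one way to confirm that the patches are active after updating and rebooting is to read the status the kernel itself reports. The script below is an added example, not Nucleus tooling; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities` (introduced alongside the fixes), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise the kernel's own Meltdown/Spectre status report.
# Function names are hypothetical; the sysfs path is the standard Linux one.

# Map one kernel status line to: ok | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo ok ;;
        "Vulnerable"*)                  echo vulnerable ;;
        *)                              echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Returns 0 when every entry is mitigated or not affected,
#         1 when at least one entry is reported as vulnerable,
#         2 when the status cannot be determined (e.g. an old kernel
#           that does not have the reporting interface at all).
check_cpu_vulns() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "no status directory at $dir: kernel does not report mitigations" >&2
        return 2
    fi
    for name in meltdown spectre_v1 spectre_v2; do
        if [ -r "$dir/$name" ]; then
            status=$(cat "$dir/$name")
        else
            status="(not reported)"
        fi
        verdict=$(classify_status "$status")
        printf '%-12s %-10s %s\n' "$name" "$verdict" "$status"
        case "$verdict" in
            vulnerable) rc=1 ;;                              # worst case wins
            unknown)    if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}
```

Source the file and run `check_cpu_vulns` with no argument to inspect the running kernel; a non-zero return means the server still needs attention.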

We will keep this blog post updated as more news and information comes out.


Update Friday 05/01/2017

In the last 24 hours, the following actions have been performed:

  • All virtualized environments have had their patches applied; all hypervisors are secured
  • We are in the process of contacting our managed Windows clients for a customized plan of action
  • The same communication has started for our managed Linux clients, but it’s more complicated there: our initial tests confirm that some workloads take a drastic performance hit, requiring us to weigh security against performance. For those workloads that suffer the most, a custom plan will be created per client to weigh the pros and cons. In most cases, the patch can be applied with limited impact on the performance of the server

Our next 24 hours mostly look like this:

  • Continue patching those individual servers that pose the highest risk
  • Cooperate with our unmanaged clients that require assistance in getting their systems patched

We want to thank all our clients for their patience and understanding. It’s been a busy 24 hours, and the message of “your system might be 30% slower” isn’t a fun one to bring, but we are working with everyone to make this situation go as smoothly as possible, with as few interruptions as possible.
