The first week of January news started to spread about new CPU vulnerabilities that have been discovered. This affects millions of devices, not only cloud computing platforms such as Google Cloud and AWS, but even your own desktops, laptops, and mobile devices. Security is of the utmost importance to us here at Kinsta, so we want to keep you in the loop regarding how this impacts our service and platform.  More details below.

CPU Vulnerabilities

Last June, the Google Project Zero security team discovered vulnerabilities that affect modern day CPUs, including those from AMD, ARM, and Intel. Google had a set date to originally disclose this on January January 9, 2018, but the media essentially started leaking information about this early and so they’ve now gone ahead and released the details in full regarding the security flaws.

Here’s how Google it:

We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.”

So far, there are three known variants of the issue, also referred to as Spectre and Meltdown:

  • Variant 1: bounds check bypass ()
  • Variant 2: branch target injection ()
  • Variant 3: rogue data cache load ()

To put in layman’s terms, these are not only security flaws, but they also have an impact on performance. Read more in detail in this . Google has also published a help page explaining .

How This Impacts Kinsta

Regarding Kinsta there are two different layers which are affected. First, our host machines run on Google Compute Engine and these have already been updated to prevent all known vulnerabilities. Google uses their live VM migration technology to perform the updates with no user impact, no forced maintenance windows, and no required restarts.

The second is that all operating systems running on the virtual machines on top of our host machines need to also be patched. We utilize Ubuntu here at Kinsta and they have announced that they are  for the fixes. Due to the seriousness of this threat, we are watching for these updates carefully. and as soon as updates are available we’ll be applying them. All of our virtual machines have been updated and are now Spectre and Meltdown protected.

What You Should Do

In regards to your WordPress sites at Kinsta, there is nothing you need to do. As far as your own devices, here are some things to be aware of:

  • If you’re on a PC, Microsoft is pushing out an for their OS.
  • Apple has apparently already protected against Meltdown in macOS High Sierra 10.13.2 (released on December 6), . They also released a on January 8 to mitigate the effects of Spectre.
  • Linux developers are working to address this in a new kernel update.
  • Microsoft has patched Internet Explorer and Edge with .
  • Mozilla Firefox in their latest version (57).
  • Google is for Chrome in version 64.

If you’re a current Kinsta customer and have any additional questions regarding these recent security flaws, feel free to or leave us a comment below.

Leave a Reply

Your email address will not be published. Required fields are marked *