Customer Update – Spectre and Meltdown

Processor Vulnerabilities – Spectre and Meltdown
13th January 2018

This page will be updated as more information becomes available.

What is Spectre and Meltdown?

Spectre and Meltdown are two computer vulnerabilities involving Intel chips on your PCs, laptops, phones and our servers. These vulnerabilities are serious, complex and have broad implications across the industry.

These vulnerabilities concern security experts because these have their origin in the very design of the processor (or CPU as we call it), that powers our computers. Most of the security vulnerabilities are associated with the software (i.e. Operating System or Applications), which these are not.

Good news is that though, these vulnerabilities have been identified by security research organisation, there is, so far, no evidence of its exploitation because these are not easy to exploit using simple methods. 

Another good news is that all major operating systems, such as Windows (e.g. Windows 10, Windows Servers) and Apple (e.g. iOS, MacOS and WatchOS) have been patched to protect the consumer.

Bad news is that fixes provided by Microsoft and Apple have some performance penalties on all computers. This can range from 5% slow-downs to 20% slow-downs on older computers.

What should you do?

We request all our customers to update their Operating System and Applications immediately. All Windows users should run Windows Update to download and apply all patches to date and all Apple devices should be updated with latest MacOS, iOS and WatchOS patches. These patches are:

  • Windows: Visit here (Opens new window)
  • Apple: Visit here (Opens new window)

Is there an impact?

Yes, so far, it is our understanding that these patches from Microsoft and Apple will slow down your computer depending on how old your processor is. The slowdown can be in the range of 5% to 20%, where 5% is on recent, new processors and 20% on older computers manufactured in 2015.

In Clour Pursuit, we are taking steps to keep our data centre run optimally by distributing the workloads by increasing individual server resources and lowering contention. The contention is the number of virtual machines run on a hypervisor. This is NOT a solution but we will do our best to minimise any performance penalties to our customers.

What is our action plan?

We, at Cloud Pursuit, take these vulnerabilities very seriously. We have already patched all our servers and virtual machines and we are closely monitoring any advisory issued by Microsoft and Apple.

We are in the process of patching all hardware, which falls under managed-service. We are in touch with our customers on this and actions have been planned.

This advisory is our endeavour to keep all customers informed.

Will there be any downtime?

At this moment, no.

This will happen when we are confident about hardware patches and/or BIOS updates recommended by DELL. We have come across mixed results of such patching and we are not keen to rush without careful planning and risk assessment.

If we need to update any hardware, this will require downtime and we will be in touch with you individually to plan and update our servers and minimise its impact on your business.

We regret, if and when this happens, there will be some downtime (15 minutes to an hour) and we will contact you when your servers are being patched.

Have questions?

If you need us to answer any question, please drop a mail to [email protected] 

Guidance notes from National Cyber Security Centre for Administrators.