Storagepipe Is Now Thrive

Learn More

GridWay Is Now Thrive

Learn More

Cybersecurity

Meltdown & Spectre Follow-up

Meltdown & Spectre Follow-up
01.09.18
Cybersecurity
By: Chip Gibbons, CISO

Over the last week, most of you have heard about the latest exploits that are potentially impacting your business, Meltdown and Spectre.  These particular exploits target a system’s CPU.  The news of this particular attack was initially reported to Intel and the broader IT community by a group of researchers, led by Google.  While this is a very real issue, there have not been any reports of it being used in a malicious manner as of yet.

What you need to know?

Since Meltdown and Spectre are resident in the CPU of Intel-based systems, millions if not billions of systems are affected by these exploits.  In most cases, the mitigation for these exploits is a patch installed on your operating system.  This patch can impact the performance of Intel CPU’s.  Our testing of these exploits has shown that there is little concern of performance impact on most end users systems.  With regard to servers, there is a greater chance of performance impact.  The current theoretical statistics show that more “intensive” servers, there could potentially be a 30% reduction in performance, but the highest reported observation is currently 17%.

How will this effect performance in Thrive’s Cloud?

While we continue to work on patching the operating systems of our customers, we will also be keeping a close eye on the performance within our hosted cloud environment.  We do not plan to avoid remediation of these exploits and we will handle the performance issues on a case by case basis.

What is Thrive doing to mitigate this exploit for our customers?

In order to apply the patch to Windows operating systems, a registry key needs to be added.  This registry key activates Microsoft’s January update rollup, which includes mitigation for Meltdown and Spectre. Internal testing has been completed and we have reviewed advisories from multiple software manufacturers.  After concluding this research, we have executed a script which adds the registry key to all machines on our platform.  If your systems are not on our managed platform, we advise you to review your environment and add the registry key.

What are the next steps?

As stated above, after the registry key has been applied, your operating system will still require the January update package from Microsoft.  This deployment adheres to our normal Microsoft updates.

If you have questions and/or concerns about other operating systems, please reach out to your Thrive team.

Make sure you follow the Thrive Blog and  LinkedIn,  Twitter,  Google+  and Facebook for the most up to date information.