On May 14th, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively named Microarchitectural Data Sampling (MDS). We immediately took note and have been closely monitoring the situation. We have formulated a coordinated response to troubleshoot that will result in minimal-to-zero disruption to running containers.
How we are mitigating the vulnerability
These flaws, if exploited by persistent and educated attackers, could allow data in the CPU’s cache to be exposed to unauthorized processes.
We are bringing this into attention due to the fact that all but the Sandy Bridge CPU family-equipped nodes have microcode patches available. This affects cloud providers, including SkySilk.
However, once patched, these will not be vulnerable to the disclosed MDS vulnerabilities.
We are patching our systems with the microcode
We have worked on the necessary steps to receive microcode from Intel and properly update our systems to mitigate this vulnerability over the next month or so. Currently, we have multiple Nehalem/Westmere generation storage nodes.
These nodes are vulnerable to Spectre variant 4 and MDS. Although, as they do not host any customer containers, the security risks posed by these threats are non-critical.
For a full overview of the MDS vulnerability, you can refer to this post from Intel on the subject.
Looking for an Intel Cloud Alternative? We have AMD EPYC™ VPS!
Additionally, SkySilk offers the ability to host with AMD EPYC™ server CPUs. Not to mention these options include free Backups, Snapshots, and Unlimited Monthly transfer.
These are available in our premium tier and start at just $5/month. You can read more about the features and specs of AMD EPYC™ Servers in our blog post here.