Over the Christmas break, Intel has disclosed a security vulnerability within its processors. Google who initially found the issue, has released a statement which now shows further processor manufacturers like AMD and ARM might also be affected by a different variant of the issue, codename ‘Spectre’.
There is currently a non-disclosure agreement in place until the 9th of January until further details are known. This has expired early.
There is currently a patch which has been deployed for Linux systems. Microsoft is planning to release a patch this week. Microsoft Azure and Amazon Web Services (AWS) are patching immediately.
With the patch release for Linux, people have noticed and performed benchmarks indicating a 30% drop in performance when the patch is applied.
Until Layer3 have tested the patch(s) from Microsoft, we will not automatically release these patches to customers. This is so we can internally test the performance implications of these patches. While the performance issues won’t affect desktop/laptop computers much, the performance of servers could be a real issue.
Please bookmark this post as we will update it as this issue progresses.
Update 2 (09/01): Microsoft has pulled the update amid issues with AMD and Intel processors. Layer3 have not officially rolled out these patches yet to customers as we are waiting for our Antivirus vendor to finish testing compatibility with these new Microsoft patches. More information can be found here about Microsoft re-issuing the patches
We will begin patching our datacenter operating systems this weekend (13/01/2018). Please keep an eye on our status page for more information.
Update 3 (12/01): We are patching our virtual environments hypervisors this weekend. This does not include Microsoft patching, as we are still testing the patches and the performance impacts.