IDBS Blog | 8th January 2018
Processor vulnerability: an update from our SRE team
As you may have seen in the news last week, a major security vulnerability was announced potentially allowing unauthorised individuals to gain access to privileged information via a vulnerability with modern day processors.
The announcement was made early Thursday morning GMT (4th January 2018). IDBS’s cloud teams started to patch the IDBS Cloud that morning and by lunchtime over 70% was patched and rebooted. By end of business Friday (5th January 2018) 90% of the IDBS Cloud was patched. The final Ubuntu servers will be patched as soon as Ubuntu release their patch, scheduled 9th January 2018.
IDBS has taken advice from our security provider and tool vendors on patching and mitigating against the vulnerability to ensure we are doing everything we can do to protect and mitigate against any risks. The IDBS Cloud has multiple lines of defence against unauthorised server access, runs daily malware scans on all servers and has intrusion detection systems and vulnerability scanning software.
As further RedHat, Ubuntu, Debian and CentOS patches are released over the coming days, IDBS’s cloud teams will ensure all servers are patched with minimal service interruption to our customers.
Update: All production E-WorkBook Cloud servers affected by the Meltdown and Spectre issue are now fully patched. The final Connect and Request servers were patched by Monday 15th January.