What large and small VPS Providers are doing about the Meltdown and Spectre security vulnerabilities

Jan 07 2018

To this days all first tier cloud providers have taken action against the Spectre and Meltdown security vulnerabilities. The cloud giants are better armed to address those issues as they have all been aware of the attack vectors for quite some time. Google has been able to patch their host systems without even rebooting the guests.

Smaller providers were not so lucky but some of them banded together to help each other and share information (Linode, Vultr, DigitalOcean, Scaleway, OVH and Packet). They are still one step behind though.

The date for the disclosure was initially coordinated to be on January 9th but as the news became widely available on Jan 2nd, the major providers decided to take action immediately. Tier 2 providers that are dependent on information from Intel and OS publishers to patch their systems are still struggling to figure out what patches to install.

The performance impact according to Google, Amazon and Microsoft is negligible.

This is the status for all VPS providers tested at vpsbenchmarks.com on Jan 6th 17:00 PST.


Processor Speculative Execution Research Disclosure

  • All EC2 hosts were patched before Jan 5th 21:00 PST.
  • AWS recommends the guests instances.

Google Cloud Platform

Answering your questions about “Meltdown” and “Spectre”

  • Google started working on those security flaws in June 2017.
  • "G Suite and Google Cloud Platform (GCP) are updated to protect against all known attack vectors. Some customers may worry that they have not been protected since they were not asked to reboot their instance. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers"

Microsoft Azure

Securing Azure customers from CPU vulnerability

  • As of Jan 3rd "The majority of Azure infrastructure has already been updated to address this vulnerability".


A Message About Intel Security Findings

  • DigitalOcean is still awaiting patches from Intel, Canonical.
  • Next update on January 9th.


CPU Vulnerabilities: Meltdown & Spectre

  • Still waiting on external dependencies as of Jan 5th.
  • Patched kernels are available to customers to patch their guest OS.


Intel CPU Vulnerability Alert

  • Vultr claims "Our engineers have already applied updates to our infrastructure to ensure the security of our platform" but it's not clear if that includes the hypervisor hosts.
  • Vultr will email customers ahead of scheduled reboot of instances.


  • There is no article about the vulnerabilities on Atlantic.net blog.
  • However they sent an email to their customers:
    • "As with all major cloud providers, Atlantic.Net is working together with hardware and software vendors to patch these exploitations as soon as we can. The solutions to these exploitations will be highly dependent on the type of hosting environment that you have with Atlantic.Net."


Scaleway, Online.net

Important note about the security flaw impacting ARM & Intel hardware

  • There is a large picture of young engineers looking concerned on the blog post, one of them is staring at a picture on his screen that was most certainly downloaded from the future. So they obviously understand how critical the situation is. More seriously, they are the provider that published the most frequent updates on the status of their servers.
  • Scaleway provides regular updates about the progress of their work on twitter.
  • Patched kernels are available to their customers for install.
  • By now they should have patched all impacted hypervisors according to the blog post: "A maintenance window has been scheduled between the 01/04/18, starting at 7am UTC and the 01/06/18, ending at 7am UTC".


Information regarding the Intel CPU vulnerability (Meltdown)

  • The Upcloud status page has detailed information about the progress of the updates.
  • As of Jan 6 20:49 UTC "Most of the emergency infrastructure updates are now complete. We estimate that over 95% of customer servers did not experience any notable disturbances due to updates."


Reboot for Meltdown / Spectre patching

  • VPSDime sent emails to their customers to inform them of scheduled reboots to patch their hypervisors.
  • In the case of vpsbenchmarks.com, the email was unfortunately sent just 20 minutes before the reboot.
  • "Today, Saturday January 6th, 2018, we will be rebooting host nodes serving all VPSDime Linux VPS to execute a new kernel patched against the recently discovered Meltdown and Spectre exploits."



No information on the topic that I could find.


I saved the best for last.

Me: What are you planning to do about the Meltdown and Spectre security Vulnerabilities?
IOZoom: Please give us your root password, we'll check it out for you.

VPS Screener

VPS Screener

Find the VPS that fits your requirements in seconds with the Screener

Share this page

Latest Tweets by @vpsbenchmarks


Best VPS for $10 or less

List of the best Virtual Private Servers, performance tested, that will cost you $10 or less per month.



vpsbenchmarks.com is hosted by:

Cheap Powerful VPS

Be featured on VPSBenchmarks

Cloud Server Providers, would you like your products to be tested at vpsbenchmarks.com?

Check out our pricing page and sign up


Running all the benchmarks featured on vpsbenchmarks.com costs time and money. VpsBenchmarks can only stay online thanks to providers offering affiliate programs.

We are proud to always provide objective and impartial benchmark data on this website, all VpsBenchmarks tests are conducted the same way for all VPS providers whether or not we are affilates with them.

To support us, make your hosting purchases using the Provider Affiliate Links displayed throughout the site.

Latest trials

All tests that were recently conducted at VpsBenchmarks:

Start Provider
Mar 19 2019 Microsoft Azure
Mar 16 2019 Clouding.io
Mar 13 2019 Dreamhost
Mar 11 2019 Kamatera
Mar 09 2019 UpCloud
Mar 06 2019 OVH
Mar 04 2019 LunaNode
Mar 02 2019 Vultr
Feb 27 2019 Vpsdime
Feb 25 2019 Hetzner
Feb 20 2019 Linode
Feb 16 2019 AtlanticNet