What large and small VPS Providers are doing about the Meltdown and Spectre security vulnerabilities

Jan 07 2018

To this days all first tier cloud providers have taken action against the Spectre and Meltdown security vulnerabilities. The cloud giants are better armed to address those issues as they have all been aware of the attack vectors for quite some time. Google has been able to patch their host systems without even rebooting the guests.

Smaller providers were not so lucky but some of them banded together to help each other and share information (Linode, Vultr, DigitalOcean, Scaleway, OVH and Packet). They are still one step behind though.

The date for the disclosure was initially coordinated to be on January 9th but as the news became widely available on Jan 2nd, the major providers decided to take action immediately. Tier 2 providers that are dependent on information from Intel and OS publishers to patch their systems are still struggling to figure out what patches to install.

The performance impact according to Google, Amazon and Microsoft is negligible.

This is the status for all VPS providers tested at vpsbenchmarks.com on Jan 6th 17:00 PST.

AWS

Processor Speculative Execution Research Disclosure

  • All EC2 hosts were patched before Jan 5th 21:00 PST.
  • AWS recommends the guests instances.

Google Cloud Platform

Answering your questions about “Meltdown” and “Spectre”

  • Google started working on those security flaws in June 2017.
  • "G Suite and Google Cloud Platform (GCP) are updated to protect against all known attack vectors. Some customers may worry that they have not been protected since they were not asked to reboot their instance. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers"

Microsoft Azure

Securing Azure customers from CPU vulnerability

  • As of Jan 3rd "The majority of Azure infrastructure has already been updated to address this vulnerability".

DigitalOcean

A Message About Intel Security Findings

  • DigitalOcean is still awaiting patches from Intel, Canonical.
  • Next update on January 9th.

Linode

CPU Vulnerabilities: Meltdown & Spectre

  • Still waiting on external dependencies as of Jan 5th.
  • Patched kernels are available to customers to patch their guest OS.

Vultr

Intel CPU Vulnerability Alert

  • Vultr claims "Our engineers have already applied updates to our infrastructure to ensure the security of our platform" but it's not clear if that includes the hypervisor hosts.
  • Vultr will email customers ahead of scheduled reboot of instances.

Atlantic.net

  • There is no article about the vulnerabilities on Atlantic.net blog.
  • However they sent an email to their customers:
    • "As with all major cloud providers, Atlantic.Net is working together with hardware and software vendors to patch these exploitations as soon as we can. The solutions to these exploitations will be highly dependent on the type of hosting environment that you have with Atlantic.Net."

OVH

Scaleway, Online.net

Important note about the security flaw impacting ARM & Intel hardware

  • There is a large picture of young engineers looking concerned on the blog post, one of them is staring at a picture on his screen that was most certainly downloaded from the future. So they obviously understand how critical the situation is. More seriously, they are the provider that published the most frequent updates on the status of their servers.
  • Scaleway provides regular updates about the progress of their work on twitter.
  • Patched kernels are available to their customers for install.
  • By now they should have patched all impacted hypervisors according to the blog post: "A maintenance window has been scheduled between the 01/04/18, starting at 7am UTC and the 01/06/18, ending at 7am UTC".

Upcloud

Information regarding the Intel CPU vulnerability (Meltdown)

  • The Upcloud status page has detailed information about the progress of the updates.
  • As of Jan 6 20:49 UTC "Most of the emergency infrastructure updates are now complete. We estimate that over 95% of customer servers did not experience any notable disturbances due to updates."

VPSDime

Reboot for Meltdown / Spectre patching

  • VPSDime sent emails to their customers to inform them of scheduled reboots to patch their hypervisors.
  • In the case of vpsbenchmarks.com, the email was unfortunately sent just 20 minutes before the reboot.
  • "Today, Saturday January 6th, 2018, we will be rebooting host nodes serving all VPSDime Linux VPS to execute a new kernel patched against the recently discovered Meltdown and Spectre exploits."

Ramnode

Dreamhost

No information on the topic that I could find.

IOZoom

I saved the best for last.

Me: What are you planning to do about the Meltdown and Spectre security Vulnerabilities?
IOZoom: Please give us your root password, we'll check it out for you.





VPS Screener

VPS Screener

Find the VPS that fits your requirements in seconds with the Screener

Share this page

Latest Tweets by @vpsbenchmarks

News

Best VPS for $10 or less

List of the best Virtual Private Servers, performance tested, that will cost you $10 or less per month.


Performance of burstable CPU VM instances

Burstable CPUs VM instances appeared on Amazon EC2 for the first time in 2014. Since then, they have...


Evaluating cloud server performance with sysbench

Finding the best cloud servers for your use case can be challenging. Most providers offer a number ...


GDPR Compliance in the Cloud

On May 25, 2018, the General Data Protection Regulation (GDPR) went into effect. This new set of ...

More...

Partners

vpsbenchmarks.com is hosted by:

Hosted by VPSDime

Be featured on VPSBenchmarks

Cloud Server Providers, would you like your products to be tested at vpsbenchmarks.com?

Check out our pricing page and sign up

Disclaimer

Running all the benchmarks featured on vpsbenchmarks.com costs time and money. VpsBenchmarks can only stay online thanks to providers offering affiliate programs.

We are proud to always provide objective and impartial benchmark data on this website, all VpsBenchmarks tests are conducted the same way for all VPS providers whether or not we are affilates with them.

To support us, make your hosting purchases using the Provider Affiliate Links displayed throughout the site.

Latest trials

All tests that were recently conducted at VpsBenchmarks:

Start Provider
Dec 11 2018 Vpsdime
Dec 07 2018 UpCloud
Dec 03 2018 DigitalOcean
Nov 29 2018 Dreamhost
Nov 26 2018 Linode
Nov 22 2018 AtlanticNet
Nov 19 2018 1and1 IONOS
Nov 16 2018 Alibaba Cloud
Nov 14 2018 Amazon EC2
Nov 12 2018 Scaleway
Nov 09 2018 OVH