What large and small VPS Providers are doing about the Meltdown and Spectre security vulnerabilities

Jan 07 2018

To this days all first tier cloud providers have taken action against the Spectre and Meltdown security vulnerabilities. The cloud giants are better armed to address those issues as they have all been aware of the attack vectors for quite some time. Google has been able to patch their host systems without even rebooting the guests.

Smaller providers were not so lucky but some of them banded together to help each other and share information (Linode, Vultr, DigitalOcean, Scaleway, OVH and Packet). They are still one step behind though.

The date for the disclosure was initially coordinated to be on January 9th but as the news became widely available on Jan 2nd, the major providers decided to take action immediately. Tier 2 providers that are dependent on information from Intel and OS publishers to patch their systems are still struggling to figure out what patches to install.

The performance impact according to Google, Amazon and Microsoft is negligible.

This is the status for all VPS providers tested at vpsbenchmarks.com on Jan 6th 17:00 PST.

AWS

Processor Speculative Execution Research Disclosure

  • All EC2 hosts were patched before Jan 5th 21:00 PST.
  • AWS recommends the guests instances.

Google Cloud Platform

Answering your questions about “Meltdown” and “Spectre”

  • Google started working on those security flaws in June 2017.
  • "G Suite and Google Cloud Platform (GCP) are updated to protect against all known attack vectors. Some customers may worry that they have not been protected since they were not asked to reboot their instance. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers"

Microsoft Azure

Securing Azure customers from CPU vulnerability

  • As of Jan 3rd "The majority of Azure infrastructure has already been updated to address this vulnerability".

DigitalOcean

A Message About Intel Security Findings

  • DigitalOcean is still awaiting patches from Intel, Canonical.
  • Next update on January 9th.

Linode

CPU Vulnerabilities: Meltdown & Spectre

  • Still waiting on external dependencies as of Jan 5th.
  • Patched kernels are available to customers to patch their guest OS.

Vultr

Intel CPU Vulnerability Alert

  • Vultr claims "Our engineers have already applied updates to our infrastructure to ensure the security of our platform" but it's not clear if that includes the hypervisor hosts.
  • Vultr will email customers ahead of scheduled reboot of instances.

Atlantic.net

  • There is no article about the vulnerabilities on Atlantic.net blog.
  • However they sent an email to their customers:
    • "As with all major cloud providers, Atlantic.Net is working together with hardware and software vendors to patch these exploitations as soon as we can. The solutions to these exploitations will be highly dependent on the type of hosting environment that you have with Atlantic.Net."

OVH

Scaleway, Online.net

Important note about the security flaw impacting ARM & Intel hardware

  • There is a large picture of young engineers looking concerned on the blog post, one of them is staring at a picture on his screen that was most certainly downloaded from the future. So they obviously understand how critical the situation is. More seriously, they are the provider that published the most frequent updates on the status of their servers.
  • Scaleway provides regular updates about the progress of their work on twitter.
  • Patched kernels are available to their customers for install.
  • By now they should have patched all impacted hypervisors according to the blog post: "A maintenance window has been scheduled between the 01/04/18, starting at 7am UTC and the 01/06/18, ending at 7am UTC".

Upcloud

Information regarding the Intel CPU vulnerability (Meltdown)

  • The Upcloud status page has detailed information about the progress of the updates.
  • As of Jan 6 20:49 UTC "Most of the emergency infrastructure updates are now complete. We estimate that over 95% of customer servers did not experience any notable disturbances due to updates."

VPSDime

Reboot for Meltdown / Spectre patching

  • VPSDime sent emails to their customers to inform them of scheduled reboots to patch their hypervisors.
  • In the case of vpsbenchmarks.com, the email was unfortunately sent just 20 minutes before the reboot.
  • "Today, Saturday January 6th, 2018, we will be rebooting host nodes serving all VPSDime Linux VPS to execute a new kernel patched against the recently discovered Meltdown and Spectre exploits."

Ramnode

Dreamhost

No information on the topic that I could find.

IOZoom

I saved the best for last.

Me: What are you planning to do about the Meltdown and Spectre security Vulnerabilities?
IOZoom: Please give us your root password, we'll check it out for you.





VPS Screener

Find the VPS that fits your requirements in seconds with the Screener

Share this page

News

Best VPS for $10 or less

List of the best Virtual Private Servers, performance tested, that will cost you $10 or less per month.


What large and small VPS Providers are doing about the Meltdown and Spectre security vulnerabilities

To this days all first tier cloud providers have taken action against the Spectre and Meltdown ...

More...

Partners

vpsbenchmarks.com is hosted by:

Hosted by VPSDime

Be featured on VpsBenchmarks

VPS providers, would you like your products to be tested at vpsbenchmarks.com?

Contact us: Email, Twitter, or Facebook.

Disclaimer

Running all the benchmarks featured on vpsbenchmarks.com costs time and money. VpsBenchmarks can only stay online thanks to providers offering affiliate programs.

We are proud to always provide objective and impartial benchmark data on this website, all VpsBenchmarks tests are conducted the same way for all VPS providers whether or not we are affilates with them.

To support us, make your hosting purchases using the Provider Affiliate Links displayed throughout the site.

Latest trials

All tests that were conducted at VpsBenchmarks:

Start Provider
Apr 19 2018 Amazon Lightsail
Apr 16 2018 DigitalOcean
Apr 11 2018 Ramnode
Apr 08 2018 UpCloud
Apr 04 2018 Ramnode
Apr 01 2018 DigitalOcean
Mar 28 2018 AtlanticNet
Mar 24 2018 Amazon EC2
Mar 21 2018 DigitalOcean
Mar 18 2018 Hetzner
Mar 14 2018 Scaleway
Mar 10 2018 Microsoft Azure