What large and small VPS Providers are doing about the Meltdown and Spectre security vulnerabilities

Last updated on

To this days all first tier cloud providers have taken action against the Spectre and Meltdown security vulnerabilities. The cloud giants are better armed to address those issues as they have all been aware of the attack vectors for quite some time. Google has been able to patch their host systems without even rebooting the guests.

Smaller providers were not so lucky but some of them banded together to help each other and share information (Linode, Vultr, DigitalOcean, Scaleway, OVH and Packet). They are still one step behind though.

The date for the disclosure was initially coordinated to be on January 9th but as the news became widely available on Jan 2nd, the major providers decided to take action immediately. Tier 2 providers that are dependent on information from Intel and OS publishers to patch their systems are still struggling to figure out what patches to install.

The performance impact according to Google, Amazon and Microsoft is negligible.

This is the status for all VPS providers tested at vpsbenchmarks.com on Jan 6th 17:00 PST.

AWS

Processor Speculative Execution Research Disclosure

  • All EC2 hosts were patched before Jan 5th 21:00 PST.
  • AWS recommends the guests instances.

Google Cloud Platform

Answering your questions about “Meltdown” and “Spectre”

  • Google started working on those security flaws in June 2017.
  • "G Suite and Google Cloud Platform (GCP) are updated to protect against all known attack vectors. Some customers may worry that they have not been protected since they were not asked to reboot their instance. Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers"

Microsoft Azure

Securing Azure customers from CPU vulnerability

  • As of Jan 3rd "The majority of Azure infrastructure has already been updated to address this vulnerability".

DigitalOcean

A Message About Intel Security Findings

  • DigitalOcean is still awaiting patches from Intel, Canonical.
  • Next update on January 9th.

Linode

CPU Vulnerabilities: Meltdown & Spectre

  • Still waiting on external dependencies as of Jan 5th.
  • Patched kernels are available to customers to patch their guest OS.

Vultr

Intel CPU Vulnerability Alert

  • Vultr claims "Our engineers have already applied updates to our infrastructure to ensure the security of our platform" but it's not clear if that includes the hypervisor hosts.
  • Vultr will email customers ahead of scheduled reboot of instances.

Atlantic.net

  • There is no article about the vulnerabilities on Atlantic.net blog.
  • However they sent an email to their customers:
    • "As with all major cloud providers, Atlantic.Net is working together with hardware and software vendors to patch these exploitations as soon as we can. The solutions to these exploitations will be highly dependent on the type of hosting environment that you have with Atlantic.Net."

OVH

Scaleway, Online.net

Important note about the security flaw impacting ARM & Intel hardware

  • There is a large picture of young engineers looking concerned on the blog post, one of them is staring at a picture on his screen that was most certainly downloaded from the future. So they obviously understand how critical the situation is. More seriously, they are the provider that published the most frequent updates on the status of their servers.
  • Scaleway provides regular updates about the progress of their work on twitter.
  • Patched kernels are available to their customers for install.
  • By now they should have patched all impacted hypervisors according to the blog post: "A maintenance window has been scheduled between the 01/04/18, starting at 7am UTC and the 01/06/18, ending at 7am UTC".

Upcloud

Information regarding the Intel CPU vulnerability (Meltdown)

  • The Upcloud status page has detailed information about the progress of the updates.
  • As of Jan 6 20:49 UTC "Most of the emergency infrastructure updates are now complete. We estimate that over 95% of customer servers did not experience any notable disturbances due to updates."

VPSDime

Reboot for Meltdown / Spectre patching

  • VPSDime sent emails to their customers to inform them of scheduled reboots to patch their hypervisors.
  • In the case of vpsbenchmarks.com, the email was unfortunately sent just 20 minutes before the reboot.
  • "Today, Saturday January 6th, 2018, we will be rebooting host nodes serving all VPSDime Linux VPS to execute a new kernel patched against the recently discovered Meltdown and Spectre exploits."

Ramnode

Dreamhost

No information on the topic that I could find.

IOZoom

I saved the best for last.

Me: What are you planning to do about the Meltdown and Spectre security Vulnerabilities?
IOZoom: Please give us your root password, we'll check it out for you.




Screeners

Find the VPS that fits your requirements in seconds


Screener

Best VPS 2024

Provider Finder

Run all the benchmarks with a few clicks on your own server

Your first Private Trial is just $4

Run a fast benchmark suite with Geekbench, Fio and iPerf3 on your server, visualize and compare the results for free:

Share this page


Be Featured on VPSBenchmarks

Cloud Providers, would you like your products to be tested at vpsbenchmarks.com?

Your VPS servers can be advertised at VPSBenchmarks with a Featured Provider subscription. Sign up here.

Labs

Disclaimer

We are proud to provide objective and impartial benchmark data on this website. VPSBenchmarks receives support from some of the providers featured here but all tests are conducted the same way regardless of our relationships with them.

If you find our benchmarks valuable, you can help by making your cloud purchases using the Provider Affiliate Buttons displayed throughout the site.

Compare VPS Providers

Be the first to learn about new Best VPS rankings. Subscribe to our newsletter.