What a week it has been for vulnerability announcements!
With Cisco having announced a vulnerability to be patched in the past week, followed by the Linux glibc announcement, that’s enough for one week, right?
Wrong. Cisco has announced their response to the glibc vulnerability, which if we’re honest comes as no surprise considering the scale of the Linux vulnerability’s reach.
Right now they are testing through the entire product range to confirm whether the vulnerability affects them or not.
So far no confirmed products are ones that we use for clients at UKFast, but we’re on the case nonetheless.
We are actively in contact with Cisco so that if any products are confirmed to be impacted by the glibc flaw, we’ll be able to provide further information to our clients asap.
In the meantime, if you would like to know more about all of this, take a look at the Cisco Advisory page.
While we wait to hear back from Cisco, our engineers are testing the ability to filter the vulnerable DNS requests on our core network, so that we can roll out an immediate but temporary fix to all clients.
The long-term plan is to roll out the relevant patches where necessary once Cisco confirms the status. As soon as we get this information, we’re ready to roll this out.
We’ve also heard that VMware are investigating their response to the vulnerability in the same way as Cisco, so we will keep you posted on that too!