McAfee has included a method for auto deployment for the registry key change, which will allow the patch to be received through automatic Windows updates. For more information visit the McAfee website.
UKFast customers with a Physical Business Continuity Platform (BCP) Linux solution will need to have their reboots performed manually by the UKFast support team.
UKFast Windows Server clients using McAfee do not have to make changes to the registry to fix meltdown vulnerabilities, UKFast are in the process of rolling out these updates
New patches have been added for Debian and Ubuntu. See patch list below.
The eCloud control panel will be briefly disabled while we carry out patching work. We apologise for any inconvenience.
eCloud public has now been patched at a VMware level and is protected. See patch list below.
VMware have pulled their patches and and updated their knowledge base. The company is delaying new releases of microcode updates while it works with Intel to resolve microcode patch issues as quickly as possible.
Two connected processor vulnerabilities were recently announced named Meltdown and Spectre.
Every system is potentially affected, from consumer tech to cloud infrastructure.
Meltdown is a hardware vulnerability which allows for unauthorised access to privileged memory. The fix requires moving the kernel to a separate virtual address space from user processes. It affects Intel processors.
Patches are being released periodically for this issue. These can be found below.
It is commonly paired with the Spectre vulnerability, which affects a large range of x86 processors including Intel, AMD, and ARM.
Our experts are working on updates which should cause minimal disruption to normal services.
Software specific updates are as follows:
All the major Linux distributions have patches available below. You can run an update through your package manager and restart your server to install the patch.
UKFast customers with a Physical Business Continuity Platform (BCP) Linux solution will need to have their reboots performed manually by the UKFast support team. This is due to additional modules that need to be installed after the reboot takes place and could lead to instability on the platform. We are contacting our customers to arrange an appropriate time for this to take place.
Windows Server patches are available below. You can manually install these updates now by following instructions on UKFast Docs: Windows server client guide, or wait for the next update.
If you plan to manually install the patch, please be aware that there are known compatibility problems with some anti-virus vendors. You can check with your anti-virus provider and with Microsoft, which has provided further information about compatibility on its own support pages.
If you find that your anti-virus provider is not compatible with the patch, it will not be available to download from automatic updates, and will not automatically install during the next update. Please contact your anti-virus product vendor for more information.
UKFast Windows Server clients using McAfee do not have to make changes to the registry to fix meltdown vulnerabilities, UKFast are in the process of rolling out these updates. This means that clients following our update schedule and with no anti-virus installed or McAfee Anti-Virus installed will get the patches through an automatic update.
Installing the patch isn’t enough to enabled mitigation from the meltdown vulnerability and Microsoft require two registry keys to be changed, after the update is installed. We are working on automating this, so it can be scheduled through the my.ukfast.co.uk site, along with the required reboot.
For our clients using McAfee Anti-Virus, if you plan to use the Windows automatic update method and do not see the patches available, McAfee have published an article which explains how to ensure that this patch is available. McAfee is evaluating ways of making the registry key changes automatically, so if you aren’t comfortable making registry changes, it may be worth waiting until McAfee have another update. VMware has released a security advisory with regard to the Spectre vulnerability. You can find documentation about these updates here:
Cisco has stated that the majority of their products are closed systems and do not allow customers to run custom code so are not vulnerable.
Even so, the company is currently investigating its products which could be vulnerable: Cisco ASR 1000 Series, 5000 Series Switches, 7000 Series Switches, 9000 Series Switches and UCS B-Series
There is more information from their security center.
Potentially all devices are at a risk, and our advice is to periodically check for updates from your manufacturer and install as soon as possible. Over the coming weeks all vendors, developers and manufacturers should be issuing updates to protect your devices from any issues.
We will add links to new patches as soon as they are available.
RHEL 5: pending
RHEL 6: kernel-2.6.32-696.18.7.el6
RHEL 7: kernel-3.10.0-693.11.6.el7
CentOS 5: pending
CentOS 6: kernel-2.6.32-696.18.7.el6
CentOS 7: kernel-3.10.0-693.11.6.el7
Debian 6 Squeeze: not expected
Debian 7 Wheezy: 3.2.96-3
Debian 8 Jessie: 3.16.51-3+deb8u1
Debian 9 Stretch: 4.9.65-3+deb9u2
Ubuntu 12.04: not expected
Ubuntu 14.04: 18.104.22.168.148
Ubuntu 16.04: 22.214.171.124.113
Windows Server 2008: not expected
Windows Server 2008R2: KB4056897
Windows Server 2012: not expected
Windows Server 2012R2: KB4056898
Windows Server 2016: KB4056890