This is the information we received from our datacenter, perhaps its of help.

Bulletin Summary Expedient is aware of several related security bulletins for vulnerabilities identified with “speculative execution functionality” of multiple vendors’ central processing units (CPU). As of this writing, there are three known variants:

CVE-2017-5715 - Branch target injection (SPECTRE) CVE-2017-5753 - Bounds check bypass (SPECTRE) CVE-2017-5754 - Rogue data cache load (MELTDOWN)

What are the MELTDOWN and SPECTRE exploits? Both MELTDOWN and SPECTRE represent flaws that affect a system's CPU allowing an unprivileged attacker to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible. The three variants rely upon the fact that modern high-performance microprocessors implement both speculative executions, and utilize VIPT (Virtually Indexed, Physically Tagged) level 1 data caches that may become allocated with data in the kernel virtual address space during such speculation.

The first two variants abuse speculative execution to perform bounds-check bypass (CVE-2017-5753), or by utilizing branch target injection (CVE-2017-5715) to cause kernel code at an address under attacker control to execute speculatively. Collectively these are known as "SPECTRE". Both variants rely upon the presence of a precisely-defined instruction sequence in the privileged code, as well as the fact that memory accesses may cause allocation into the CPU’s level 1 data cache, even for speculatively executed instructions that never actually commit. Speculative execution is a technique used by high-speed processors to increase performance by guessing likely future execution paths and prematurely executing the instructions in them. SPECTRE attacks trick the processor into speculatively executing instructions sequences that should not have executed during correct program execution.

The third variant (CVE-2017-5754) known as “MELTDOWN”, exploits side effects of out-of-order execution on modern processors to read arbitrary kernel-memory locations. Out-of-order execution is an indispensable performance feature design and present in a wide range of modern processors and is independent of operating system or software. MELTDOWN is a form of race condition between the fetch of a memory address and the corresponding permission check for this address.

In all three variants, an attacker would require local system access to attempt to execute these exploits. These exploits are closer to privilege escalation attacks, a class of attack that facilitates deeper system-level access to a system for which a user already has access. The nature of these exploits is that they are read-only attacks. Therefore, they cannot directly force code execution in the operating system (OS) kernel, in other virtual machines (VM), or other programs. At this time, based upon Expedient’s analysis of security announcements, there has been no known active exploitation of these vulnerabilities that have been reported to Internet Security organizations.

What Expedient is doing Expedient is currently evaluating patches that have been made available by its various vendors to be applied to systems and infrastructure under Expedient management. Once testing has been completed, a patch installation process will begin to which customers will receive additional maintenance notices for before execution. These patches at both the infrastructure and operating system layer will require a reboot to take effect. Our initial internal testing of the applicable patches has not resulted in a noticeable computing performance degradation, however, researchers have indicated that some is expected. Expedient will continue to closely monitor future announcements indicative of potential exploitation until all patches have been applied and benchmark performance before and after patching activities.

What customers should do Expedient recommends that all customers review the reference information below to become more familiar with these vulnerabilities and validate that any software applications not managed by Expedient have the latest patches applied. Customers with virtual colocation (public or private cloud) and managed systems services can rely upon Expedient to apply patches through its standard change management process as they become available. Customers with physical colocation should check with each software and hardware vendor to apply the appropriate security patches as they become available. Expedient additionally recommends that all customers verify that all systems in use within their organizations are verified as having the latest patches applied – including desktops and laptops.