In response to the recently disclosed Processor Speculative Execution vulnerabilities in CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 – collectively referred to as “Meltdown” and “Spectre”, as of 01/04/2018 all rSmart cloud platforms have been patched and are protected from these threat vectors. rSmart will continue to stay involved in the discussion and will provide updates as needed on future developments regarding these CVEs. rSmart SecOps policy has always been and will continue to be to deploy critical security updates immediately upon release, regardless of maintenance cycle schedules.
Here are the Amazon Web Services (AWS) details: https://aws.amazon.com/security/security-bulletins/AWS-2018-013.
If you would like additional information on these exploits and how they might effect your users, please don’t hesitate to ask, but know that the OneCampus servers have been secured.
For information on how to help protect your users with general use, check out this piece from Fortune magazine.
UPDATE, January 12, 2018: Today, Intel has revealed that a glitch in its patch for the Meltdown and Spectre CPU attacks is causing problems on PCs and datacenter equipment. rSmart continues to work with Amazon Web Services to ensure OneCampus remains unaffected.