DE | EN
The Datacenter in Switzerland
Order our new Webhosting 2.0 with a low-price offer.

Information about the vulnerabilities Meltdown and Spectre

Version 2.2, 25.01.2018

The security gaps Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753, CVE-2017-5715) have been publicly announced on the 3. January 2018. According to reports, the concerned processors of Intel, AMD and ARM can have the following consequences as described by Project Zero:
  • Variant 1: Bounds Check Bypass (CVE-2017-5753), (Spectre)
  • Variant 2: Branch Target Injektion (CVE-2017-5715), (Spectre)
  • Variant 3: Rogue Data Cache Load (CVE-2017-5754), (Meltdown)
These security gaps allow programs that are running with normal restricted privileges to obtain access to protected areas on the processor (Kernel Memory).

Affected processors

Producer Affected CPU's Variant 1 (Spectre) Variant 2 (Spectre) Variant 3 (Meltdown)
AMD No details so far. Yes Gem. AMD near-zero-risk No
ARM Cortex Yes Yes Yes
Intel CPUs with Out-Of-Order Execution (CPUs since 1995, except for Itanium and Atom before 2013) Yes Yes Yes
Status 11. Januar 2018

Betroffene Produkte

These products are affected by Variant 1:
  • Linux Virtual Server Pro
  • Windows Virtual Server Pro
  • Virtual Server 2.0 Linux
  • Virtual Server 2.0 Windows
  • Linux Dedicated Server Pro
  • Windows Dedicated Server Pro
  • Linux Webhosting
  • NAS-Cloud
  • Cloud Services

Products being clarified

These products are still being clarified and will be added to the list above if necessary
  • No further products

Updates / Upgrades

Hardware, BIOS and Firmware
Microcode updates which would require an update of the BIOS might be necessary to seal these security gaps. We are cooperating with the manufactures accordingly.
The corresponding updates on the host systems will be carried out as soon aspossible. We will inform affected customers about any interruptions through our newsletter. If possible, these updates will be carried out without any impact on the customer.

Operating System and Software
You can find information regarding the update-status of the Operating Systems on the corresponding websites. The most important links are listed here:
Web Browser
The vulnerability Meltdown and Specter can also be exploited via the web browser. We therefore recommend to always keep the browser up to date. The host systems will be maintained with the corresponding updates by us as soon as possible. We will do our best that any interruptions caused by reboots of the host system will be carried out without causing interruptions of our customers. If that is not possible we will inform the affected customers through our newsletter. Because your system is still vulnerable to attacks you must keep your system up to date.

Current state of the products

The CPUs used by Softronics are according to the manufacturer's information from 11.01.2018 are not affected by Meltdown. We will test the available security solutions on the host servers and our infrastructure as fast as possible. When the tests have been successfully completed we will swiftly preform the rollout. We usually try to do this without causing interference for our customers. We will inform affected customers about any interruptions through our newsletter.

Produkt    Effects       BIOS aktuell OS aktuell
Host Server "Linux Virtual Server Pro" Variant 1 Yes In discussion
Host Server "Windows Virtual Server Pro" Variant 1 Yes In discussion
Host Server "Virtual Server 2.0 Linux" Variant 1 Yes Tests running
Host Virtual Server 2.0 Windows Variant 1 Yes Tests running
Linux Dedicated Server Pro Variant 1 Open Responsibility customer1
Windows Dedicated Server Pro Variant 1 Open Responsibility customer1
Linux Webhosting Variant 1 Yes In Abklärung
NAS Cloud Variant 2 Open Responsibility customer1

1Patching and keeping the OS up to date is the responsibility of the customer

Responsibility customer

We recommend you install the updates as soon as stable versions are available since the Operating systems installed on our Virtual- and Dedicated servers are vulnerable as well. As of today (19.01.2018) there are not micro updates or patches available for the NAS-Cloud.
We also encourage you to keep your applications up to date as well.
We are happy to assist you with the necessary tasks. To do so, please contact our support.

Product Effects BIOS Update1 OS Update2 Software Update3
Linux Virtual Server Pro Variant 1 No Yes Yes
Windows Virtual Server Pro Variant 1 No Yes Yes
Virtual Server 2.0 Linux Variant 1 No Yes Yes
Virtual Server 2.0 Windows Variant 1 No Yes Yes
Linux Dedicated Server Pro Variant 1 Offen Yes Yes
Windows Dedicated Server Pro Variant 1 Offen Yes Yes
Linux Webhosting Variant 1 No No Yes
NAS Cloud Variant 2 Yes Yes Yes
1Customer can perform BIOS updates
2Customer can perform OS-updates
3Customer can update software and applications

Additional information

Änderungshistorie

  • Version 2.2, 25.01.2018, Managing Speculation on AMD Processors Whitepaper added
  • Version 2.1, 23.01.2018; information about current Intel patches added
  • Version 2.0, 19.01.2018; added status of products
  • Version 1.5, 18.01.2018; added Link Retpoline
  • Version 1.4, 17.01.2018: Cloud Services added to affected products
  • Version 1.3, 16.01.2018: Information added about NAS-Cloud and Debian
  • version 1.2, 15.01.2018; Information about Web Browser
  • Version 1.1, 15.01.2018; NAS-Cloud added to affected products
  • Version 1.0, 10.01.2018: Initial Version up to date