Friday 5th January 2018

cloud.ca response to Meltdown and Spectre vulnerabilities

The cloud.ca team has been actively researching and investigating the announcement of the Meltdown and Spectre vulnerabilities earlier this week. As a result, we are currently testing a newly released XenServer hypervisor patch that provides for some mitigation related to these issues. If this goes well, we'd likely move forward with an emergency maintenance early next week to begin updating our data centre environments. This would be expected to be a non-impactful maintenance.

However, this is a multi-facted issue, that will require a multi-faceted approach to more thorough mitigation:

  • Customers will need to be vigilant about application of guest OS patches that further mitigate any vulnerabilities, as they become available. The cloud.ca team is in the process of updating our OS templates. Please contact us for specific information
  • We will be keeping an eye on any firmware/BIOS patches that could be applied to further mitigate this at the HW level

We will post more details on our maintenance plan and schedule as soon as this has been formalized.