Critical Intel, AMD and ARM Processor Vulnerability Response

On the 4th of January 2018, details of two critical hardware vulnerabilities Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) emerged that impact the majority of computers running Intel Processors (Spectre and Meltdown), AMD and ARM processors (Spectre). For any impacted system, it may be possible to craft an exploit such that memory content of that system can be read by an adversary.

The potential ramifications of these hardware vulnerabilities is critical. Macquarie treat all security vulnerabilities and incidents with the highest priority and as a result we have been working with our hardware and software vendors to plan and execute any necessary fixes and patches.

Our customers have received communication regarding any potential impact to their environments, and we will continue to keep them updated.

Fortunately, there are many software patches for both Spectre and Meltdown. Patches have been released for Windows, Linux and macOS. It is not sufficient to rely on anti-virus or malware solutions for protection against these vulnerabilities. We urge all customers to immediately ensure their operating systems are fully patched. We have already been working to ensure full compliance for customers that have a managed patching service with us. It should also be noted that these vulnerabilities impact dedicated servers, virtual servers and containerised (LXC and Docker) environments.

Macquarie will continue to prioritise the fixes to these vulnerabilities to ensure our cloud environments are fully protected with minimum disruption.

Updates:

• 8th of January, 2018: We have been working tirelessly to complete the patching of our shared LAUNCH Cloud Platform. Patching of the shared platform is now complete. We continue to work closely with our vendors to review and test guest OS-level patching and we’re keeping our customers informed.