Update - We have now completed the rollout of updated Windows Server 2012 and Windows Server 2016 images, so any new provisions will be protected out of the box. Work continues on Windows Server 2008 with new images in final testing now, ahead of a targeted rollout tomorrow.
It is worth noting that the patches do have a performance impact for Windows servers. In our testing, performance remains mostly unchanged for Windows Server 2012 with the exception of storage, with a performance drop of 17% compared to the unpatched version. The performance impact on Windows Server 2016 is lower than that of Windows Server 2012, with again the only noticeable difference relating to storage - a 6% performance drop compared to before the patch.
Jan 22, 19:30 NZDT
Update - Another quick update on Meltdown and Spectre - we have rolled out images for Ubuntu, Debian and CentOS 7 which include updated kernels relevant to the vulnerabilities. We are still waiting on an updated CentOS 6 image but for other distributions, any new provisions will be updated out of the box. It is also worth noting that our testing has shown that within our infrastructure individual Linux virtual servers are not vulnerable to the Meltdown exploit. With our Windows images, Server 2012 and 2016 are in final internal testing with a view to being rolled out on Monday next week at which time we will also post more details about the impact of these patches.
For existing managed servers, we'll be in contact with customers directly on Tuesday next week with regard to our maintenance plans. We'll do our best to schedule these maintenances for off-peak times; however, the impact of these vulnerabilities means we may need to act quickly to ensure security for our customers.
Unmanaged customers: we recommend that you update as soon as you can, based on your OS vendor's recommendations. We've noted problems with the latest (at the time of writing) CentOS 6 kernels and don't recommend upgrading to it just yet, but outside of that we're not aware of any issues with the updates currently available. We will be preparing some knowledge base articles outlining the steps you need to take to be secure based on what we've learned over the last two weeks and hope to have those available for you early next week.
We will continue to update our status page with detail as more news becomes available.
Jan 19, 17:26 NZDT
Update - It’s time for another update about Meltdown and Spectre. Like almost every cloud service provider we have been learning more about these vulnerabilities every day as more information comes to light and more patches are made available.
One of the unique aspects of Meltdown and Spectre is that different hardware, virtualisation software, and guest operating systems are vulnerable in different ways. That means there’s no silver bullet across our entire fleet or product range.
That being said, we are currently testing updated images for Ubuntu, Debian, CentOS, CoreOS and Windows. Our goal is to release these early/mid next week once we’re confident in their stability and understand any potential performance impact they may have. From there we’ll be looking at if and when we need to apply these updates to managed servers.
If your server is unmanaged but a patch is available you can update to the latest kernel or OS version when ready by following the vendor's documentation. Please do note that we cannot vouch for the stability or potential performance impact of any of these patches.
Patching customer servers is only part of the picture though. The underlying hardware nodes also need patching, which is where our hardware and virtualisation vendors come in. In most cases we are still waiting on patches, but we are using this time to investigate our options to ensure our infrastructure is safe and secure in as timely a fashion as possible while having minimal impact to reliability and performance.
We’ll post another update as soon as we have more news.
Jan 12, 16:18 NZDT
Update - Some key upstream vendors are still working on patches for these flaws and we're continuing to work with them. We expect to have more news later this week.
Jan 9, 10:43 NZDT