CPU vulnerabilities are a major security concern for Kinsta customers. CPU vulnerabilities can allow attackers to gain access to sensitive data, execute malicious code, and even take control of a system. Kinsta customers need to be aware of the potential risks associated with CPU vulnerabilities and take steps to protect their systems.
Kinsta customers should ensure that their systems are running the latest version of their operating system and any other software they are using. This will help to ensure that any security patches and updates are applied to address any known CPU vulnerabilities. Additionally, customers should ensure that their systems are configured with the latest security settings and that any unnecessary services are disabled.
Kinsta customers should also be aware of the potential risks associated with using third-party plugins and themes. These can introduce additional vulnerabilities that can be exploited by attackers. Customers should ensure that any third-party plugins and themes they are using are regularly updated and that any security patches are applied.
Finally, Kinsta customers should ensure that their systems are regularly monitored for any suspicious activity. This can help to identify any potential security issues before they become a major problem. Additionally, customers should ensure that their systems are backed up regularly in case of any data loss or corruption.
The first week of January news started to spread about new CPU vulnerabilities that have been discovered. This affects millions of devices, not only cloud computing platforms such as Google Cloud and AWS, but even your own desktops, laptops, and mobile devices. Security is of the utmost importance to us here at Kinsta, so we want to keep you in the loop regarding how this impacts our service and platform. More details below.
Last June, the Google Project Zero security team discovered vulnerabilities that affect modern day CPUs, including those from AMD, ARM, and Intel. Google had a set date to originally disclose this on January January 9, 2018, but the media essentially started leaking information about this early and so they’ve now gone ahead and released the details in full regarding the security flaws.
Here’s how Google summarizes it:
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.”
So far, there are three known variants of the issue, also referred to as Spectre and Meltdown:
To put in layman’s terms, these are not only security flaws, but they also have an impact on performance. Read more in detail in this article from Project Team Zero. Google has also published a help page explaining which products and services are affected.
How This Impacts Kinsta
Regarding Kinsta there are two different layers which are affected. First, our host machines run on Google Compute Engine and these have already been updated to prevent all known vulnerabilities. Google uses their live VM migration technology to perform the updates with no user impact, no forced maintenance windows, and no required restarts.
The second is that all operating systems running on the virtual machines on top of our host machines need to also be patched. We utilize Ubuntu here at Kinsta and they have announced that they are accelerating their release dates for the fixes. Due to the seriousness of this threat, we are watching for these updates carefully.
and as soon as updates are available we’ll be applying them. All of our virtual machines have been updated and are now Spectre and Meltdown protected.
What You Should Do
In regards to your WordPress sites at Kinsta, there is nothing you need to do. As far as your own devices, here are some things to be aware of:
If you’re a current Kinsta customer and have any additional questions regarding these recent security flaws, feel free to reach out to our support team or leave us a comment below.