Moxie is aware of and monitoring the activities surrounding the Meltdown and Spectre vulnerabilities. Protecting our customer assets is always a top priority at Moxie. Our operations and security teams are carefully following the evolving understanding of this threat and are working with our vendors to review the hardware deployed in the Moxie data centers as well as the devices used by our employees. As software updates are available, we will work with our customers to plan deployment of fixes into our data centers and attempt to minimize the impacts of those updates to our services.
A summary of these vulnerabilities
- Meltdown is the name given to an exploitation known as CVE-2017-5754 or "rogue data cache load." The Meltdown technique can enable a user process to read kernel memory.
- Spectre is a name covering two different exploitation techniques known as CVE-2017-5753 or "bounds check bypass," and CVE-2017-5715 or "branch target injection." These techniques potentially make items in kernel memory available to user processes by taking advantage of a delay in the time it may take the CPU to check the validity of a memory access call.
- Both Meltdown and Spectre impact multiple modern processor types over multiple years
- Exploiting these vulnerabilities requires malicious software to run directly on the same machine as the software to be exploited.
- Patches are still in progress for some impacted hardware / software
Given that Moxie controls and carefully manages all of the software installed and running in our data centers, we do not anticipate an immediate threat to our data centers. Even so, Moxie will be deploying patches as they become available balancing security needs with possible service disruptions.
If you have any questions, please contact Moxie Support.