VersionOne is aware of a set of vulnerabilities affecting certain Intel, AMD and ARM processors. We are working with our hosting provider, Rackspace, on plans to address the vulnerabilities as vendor patches are released and workarounds become available. Further details about the security vulnerabilities can be found here: https://googleprojectzero.blogspot.c...with-side.html.
US-CERT and NCSC have released the following:
"US-CERT is not aware of any active exploitation at this time." (https://www.us-cert.gov/ncas/current...ulnerabilities). January 5, 2018 13:00 CST
"At this stage there has been no evidence of any malicious exploitation..." (https://www.ncsc.gov.uk/report/weekl...h-january-2018). January 5, 2018 13:00 CSTD
While there is currently no single fix for the vulnerabilities, a number of vendors are releasing suggested mitigation(s) and remediation(s). As these are released, we'll work with Rackspace to assess, test, coordinate and deploy accordingly across our hosted infrastructure. We will communicate to affected customers if actions that would impact their hosted instances are required. The plan is to implement the patches/workarounds during the normal hosted maintenance schedule. This is a complex and evolving situation. Our first priority is to ensure our customers' data is protected, and we'll do that in the least impactful manner possible.