Trust & Security

A Message About Intel’s Latest Security Findings

Josh Feinblum

Posted: May 21, 20181 min read

In response to Intel’s statement today regarding new vulnerabilities, we wanted to share all the information we have to date with our customers and community.

Current information does not suggest that this latest vulnerability, Variant 4, would allow Droplets to gain access to the host hypervisor, or access to other Droplets. We also do not believe that we will need to reboot our entire fleet of hypervisors, as was necessary to mitigate impact from the initial Spectre and Meltdown vulnerabilities. However, there is a remote potential for exploit and we are working with Intel to validate microcode to patch for the vulnerabilities. We are accelerating the fix, but applying these updates takes coordination and time.

Our security and engineering teams are monitoring our hypervisors and following this issue closely. We remain in communication with our contacts at Intel regarding any new developments. The security of our users’ data is one of our highest priorities, and we are ready to take action if and when appropriate. At this time, we strongly recommend ensuring that you have the latest packages from your distributions, and you use the latest browser versions with fixes for Variant 4.

We will update this blog as more information becomes available. In addition to posting here, we will notify customers directly if there is a need to take action.

Share

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!Sign up

Related Articles

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program
trust-security

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program

Senior Manager, Product Security

April 5, 20244 min read

Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault
trust-security

Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault

Senior Manager, Product Security

February 3, 202328 min read

Enabling Engineering Teams Through Developer-First Secrets Management
trust-security

Enabling Engineering Teams Through Developer-First Secrets Management

Senior Manager, Product Security

January 26, 20238 min read