August 15, 2018 4:55PM BST August 15, 2018 3:55PM UTC
[Investigating] As of 09am 15th August 2018, Node4 have been aware of the discovery of a new “speculative execution side-channel" type vulnerabilities within Intel processors. Called L1 Terminal Fault (L1TF) or "Foreshadow", this vulnerability concerns processors with SMT technology which could allow malicious code running on one thread to access data from the other thread's L1 cache within a single core.
Of the 3 discovered variants only L1FT VVM could affect Node4 Cloud services. L1FT / Foreshadow vulnerability is extremely complex to implement and only a proof of concept , developed in the laboratory, validated its existence. While there is currently no single fix for the vulnerabilities, a number of vendors have released suggested mitigations and remediation(s). As these are released, we’ll assess, test, coordinate and deploy accordingly across our environment. We will communicate to affected customers if actions that would impact their environments are required.
Node4 takes security of its clients and its own infrastructure extremely seriously and work closely with our partners, manufacturers and publishers, to improve the security of our infrastructure every day.
This complex and evolving situation will be monitored by Node4 Security Operations Centre to ensure our customers’ environments are protected, and we’ll do that in the least impactful manner possible.
Node4 Technical Support