A security vulnerability has been identified in all major CPU vendors that can potentially allow user processes to access protected memory within the operating system and other running processes.
How does this affect my organisation?
Public cloud customers should be aware that this may allow sensitive data to be accessed by other virtual machines running on the same hypervisor. However, as an AC3 customer, your services are shared with other corporate businesses, like yours. While this does not mitigate the threat, it does reduce it when compared with hyperscale providers.
If you are operating private cloud services, you may also be impacted, however you are only vulnerable to your own organisations virtual machines.
In addition to this, other machines (physical and virtual) are also vulnerable to these attacks. Processes may be able to access memory allocated to other processes regardless of the security protections put in place by the operating system.
What is AC3 doing to protect me?
AC3 will apply the relevant hypervisor patches to ensure your environment is protected.
If you subscribe to our operating system management products, an AC3 representative will be in touch to schedule the patching of these services.
Please be aware that a performance impact is expected from applying the relevant patches. This has been estimated to be between 5-23% of performance depending on the hypervisor and operating systems involved.
Threat response rating
Based on the information available at the time of this notice, we have classified these security vulnerabilities as Warning and recommend that you watch and act.
Advice (no urgent remediation action required); Warning (Watch and act); Action required (urgent remediation action required)
More information about these security vulnerabilities are available at the links below.
For more information, please contact us by emailing firstname.lastname@example.org