This week Intel released a statement regarding Microarchitectural Data Sampling (MDS), another vulnerability in the "speculative execution" feature of modern processors. This is for HyperThreading and is the feature that allows the CPU to work out what commands will be run next, if they would affect the current running command and if not, run it on the same core. One of the exploits of this latest vulnerability is called ZombieLoad and this is a really serious security vulnerability that affects all cloud providers with multi-tenant environments. If it's not fixed it could allow attackers with the knowledge of how to exploit it to gain access to sensitive data (such as authentication credentials) that could allow them to gain higher privileges or access other users' data.

As the Kernel team have released fixes and these have been rolled out by the Linux distributors such as Ubuntu, we've updated the Kernel on all of our compute nodes out of hours this week (hopefully you didn't even notice a blip during this update, as OpenStack allows us to "live migrate" your instances around between nodes as we update them).

We would recommend that you ensure updated packages are installed for your instances by using steps like apt-get update && apt-get upgrade or yum update. This is especially important if your instances host multi-tenant applications or any untrusted third-party code.

HOWEVER: There may be a problem upgrading the Kernel on CentOS 6 (which is why we've disabled selecting it when launching a new instance), other cloud hosts are reporting the same problem - the upgrade breaks booting, causing the loss of your instance. So, upgrade those hosts at your own risk. We'd recommend launching a new CentOS 7 instance and migrating your data/applications to it.

If you have any questions, feel free to post about them in our community forums!