The first week of January news started to spread about new CPU vulnerabilities that have been discovered. This affects millions of devices, not only cloud computing platforms such as Google Cloud and AWS, but even your own desktops, laptops, and mobile devices. Security is of the utmost importance to us here at Kinsta, so we want to keep you in the loop regarding how this impacts our service and platform.  More details below.

CPU Vulnerabilities

Last June, the Google Project Zero security team discovered vulnerabilities that affect modern day CPUs, including those from AMD, ARM, and Intel. Google had a set date to originally disclose this on January January 9, 2018, but the media essentially started leaking information about this early and so they’ve now gone ahead and released the details in full regarding the security flaws.

Here’s how Google summarizes it:

We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.”

So far, there are three known variants of the issue, also referred to as Spectre and Meltdown:

To put in layman’s terms, these are not only security flaws, but they also have an impact on performance. Read more in detail in this article from Project Team Zero. Google has also published a help page explaining which products and services are affected.

How This Impacts Kinsta

Regarding Kinsta there are two different layers which are affected. First, our host machines run on Google Compute Engine and these have already been updated to prevent all known vulnerabilities. Google uses their live VM migration technology to perform the updates with no user impact, no forced maintenance windows, and no required restarts.

The second is that all operating systems running on the virtual machines on top of our host machines need to also be patched. We utilize Ubuntu here at Kinsta and they have announced that they are accelerating their release dates for the fixes. Due to the seriousness of this threat, we are watching for these updates carefully. and as soon as updates are available we’ll be applying them. All of our virtual machines have been updated and are now Spectre and Meltdown protected.

What You Should Do

In regards to your WordPress sites at Kinsta, there is nothing you need to do. As far as your own devices, here are some things to be aware of:

If you’re a current Kinsta customer and have any additional questions regarding these recent security flaws, feel free to reach out to our support team or leave us a comment below.

Get all your applications, databases and WordPress sites online and under one roof. Our feature-packed, high-performance cloud platform includes:

  • Easy setup and management in the MyKinsta dashboard
  • 24/7 expert support
  • The best Google Cloud Platform hardware and network, powered by Kubernetes for maximum scalability
  • An enterprise-level Cloudflare integration for speed and security
  • Global audience reach with up to 35 data centers and 275+ PoPs worldwide

Test it yourself with $20 off your first month of Application Hosting or Database Hosting. Explore our plans or talk to sales to find your best fit.