UPDATED 01.11.18: Vulnerabilities Affecting Processors by Intel, AMD and ARM

Updated Jan. 11, 2018 14:45 CST

Rackspace continues work to mitigate and remediate the three vulnerabilities discovered Jan. 3.

As we have noted, we are engaged in a full-scale response. We continue to communicate directly with customers if we need to take actions that would impact their environments.

While we can’t currently offer a timeline when full mitigation and remediation will be complete, we will update this blog post when we have relevant new information to share. We understand this lack of information can be frustrating. However, we are providing updates on how mitigation efforts are affecting specific services on the Rackspace Support Network.

Please know we are treating this incident with the utmost urgency, working to ensure our customers’ environments are protected in the least impactful manner possible.

Updated Jan. 10, 2018 09:45 CST

Updates on specific Rackspace services now available via the Rackspace Support Network.

Updated Jan. 5, 2018, 14:30 CST 

On Jan. 3, 2018, Rackspace was made aware of a set of vulnerabilities affecting certain Intel, AMD and ARM processors.  

We are addressing the issue as vendor patches are released and workarounds become available.

Further details about the security vulnerabilities can be found here. The U.S. Computer Emergency Readiness Team and the National Counterintelligence and Security Center have released the following:   

At Rackspace, we’re focused on ensuring our solutions best support our customers’ environments. We’re implementing a plan of action and proactively investigating solutions to remedy this issue.

While there is currently no single fix for the vulnerabilities, a number of vendors have released suggested mitigations and remediation(s). As these are released, we’ll assess, test, coordinate and deploy accordingly across our environment. We will communicate to affected customers if actions that would impact their environments are required. 

This is a complex and evolving situation. Our first priority is to ensure our customers’ environments are protected, and we’ll do that in the least impactful manner possible. 

Brian Kelly is Chief Security Officer at Rackspace, responsible for protecting the company and its customers from the constantly-evolving risks and threats that exist in the IT world, as well as focusing on the physical security of Rackspace facilities. He has more than 35 years of experience, beginning in the United States Air Force, where he rose to the rank of Lieutenant Colonel.