Updated Jan. 11, 2018 14:45 CST
Rackspace continues work to mitigate and remediate the three vulnerabilities discovered Jan. 3.
As we have noted, we are engaged in a full-scale response. We continue to communicate directly with customers if we need to take actions that would impact their environments.
While we can’t currently offer a timeline when full mitigation and remediation will be complete, we will update this blog post when we have relevant new information to share. We understand this lack of information can be frustrating. However, we are providing updates on how mitigation efforts are affecting specific services on the Rackspace Support Network.
Please know we are treating this incident with the utmost urgency, working to ensure our customers’ environments are protected in the least impactful manner possible.
Updated Jan. 10, 2018 09:45 CST
Updates on specific Rackspace services now available via the Rackspace Support Network.
Updated Jan. 5, 2018, 14:30 CST
On Jan. 3, 2018, Rackspace was made aware of a set of vulnerabilities affecting certain Intel, AMD and ARM processors.
We are addressing the issue as vendor patches are released and workarounds become available.
- “US-CERT is not aware of any active exploitation at this time.” – Jan. 5, 2018 13:00 CST
- “At this stage there has been no evidence of any malicious exploitation…” – Jan. 5, 2018 13:00 CST
At Rackspace, we’re focused on ensuring our solutions best support our customers’ environments. We’re implementing a plan of action and proactively investigating solutions to remedy this issue.
While there is currently no single fix for the vulnerabilities, a number of vendors have released suggested mitigations and remediation(s). As these are released, we’ll assess, test, coordinate and deploy accordingly across our environment. We will communicate to affected customers if actions that would impact their environments are required.
This is a complex and evolving situation. Our first priority is to ensure our customers’ environments are protected, and we’ll do that in the least impactful manner possible.