UPDATED 08.15.18: Speculative Execution Vulnerabilities

Updated Aug. 15, 2018 07:30 CST

On August 14, 2018, details about a series of speculative execution side-channel vulnerabilities, L1 Terminal Fault (L1TF) or Foreshadow, were released.

Details related to the vulnerabilities can be found in CVE-2018-3615CVE-2018-3620, and CVE-2018-3646.

We are continuing to work in collaboration with our vendors and partners. If we need to take action that would impact customers, we will provide additional guidance directly to the customers involved.


Updated Aug. 9, 2018 15:05 CST

Rackspace is aware of a new exploit related to the Spectre vulnerabilities identified this year. This exploit has been labeled as NetSpectre.

In order to execute an attack, a user would need to generate large amounts of traffic to a specified server which would then gather a single bit of data. This would need to be completed repeatedly in one bit increments to be successful. Additional details can be found in CVE-2017-5753.

Rackspace recommends updating to current firmware/microcode versions to mitigate NetSpectre.

We continue to work in collaboration with our vendors and partners. Additional details will be provided as they are made available. If we need to take action that would impact customers, we will provide additional guidance directly to the customers involved.


Updated May 24, 2018 11:40 CST

On May 21, 2018, new variants for Spectre and Meltdown (side-channel processing unit hardware vulnerabilities) were disclosed; known as 3A and 4.

We are continuing to work in collaboration with our vendors and partners. Additional details will be provided as they are made available. If we need to take action that would impact customers, we will provide additional guidance directly to the customers involved.

Details related to the vulnerabilities can be found in CVE-2018-3639 , CVE-2018-3640 and US Cert’s Alert (TA18-141A).


Updated May 4, 2018 12:05 CST

Rackspace is aware of another set of vulnerabilities reported as “Spectre-NG.” We are investigating in collaboration with our vendors and partners. We will provide additional updates as information becomes available.


Updated April 10, 2018 15:00 CST

Firmware/microcode updates related to the CPU speculative execution vulnerabilities have been released by vendors for a subset of dedicated server platforms.

Rackspace will perform testing according to our standard procedures for each firmware/microcode update as it becomes available. Additional steps may be required for full remediation of the guest OS following the application of the firmware/microcode update. As firmware/microcode updates become available for customer consumption, Rackspace will communicate directly to affected customers.

Additional information can be found on Rackspace’s Firmware/Microcode Update page.


Updated Feb. 12, 2018 16:00 CST

Rackspace has taken significant steps towards applying the main Windows® registry key on cloud and dedicated servers. This key is required to install January and February 2018 Security rollup patches and future Microsoft Security patches. Additional details related to registry keys can be found on the Windows OS Mitigations page.

Rackspace will continue to communicate if action that would impact customers is required to remediate the CPU speculative execution vulnerabilities. To view the current status of our remediation efforts, visit the Rackspace Support Network.


Updated Jan. 24, 2018 15:35 CST

Rackspace continues to execute its mitigation and remediation strategy to address the CPU speculative execution vulnerabilities. We have multiple teams working with the utmost urgency to remediate these vulnerabilities. This a complex and evolving situation, as the guidance provided by numerous vendors regarding remediation efforts and patching continues to change.

Based on the level of threat, we firmly believe the best course forward is to continue working with our vendors as they develop stable and proven patches and applying them in the least impactful manner possible.

If we need to take action that would impact customers, we will provide additional guidance directly to the customers involved. To view the current status of our remediation efforts, visit Rackspace Support Network.


Updated Jan. 11, 2018 14:45 CST

Rackspace continues work to mitigate and remediate the three vulnerabilities discovered Jan. 3.

As we have noted, we are engaged in a full-scale response. We continue to communicate directly with customers if we need to take actions that would impact their environments.

While we can’t currently offer a timeline when full mitigation and remediation will be complete, we will update this blog post when we have relevant new information to share. We understand this lack of information can be frustrating. However, we are providing updates on how mitigation efforts are affecting specific services on the Rackspace Support Network.

Please know we are treating this incident with the utmost urgency, working to ensure our customers’ environments are protected in the least impactful manner possible.



Updated Jan. 10, 2018 09:45 CST

Updates on specific Rackspace services now available via the Rackspace Support Network.


Updated Jan. 5, 2018, 14:30 CST 

On Jan. 3, 2018, Rackspace was made aware of a set of vulnerabilities affecting certain Intel, AMD and ARM processors.  

We are addressing the issue as vendor patches are released and workarounds become available.

Further details about the security vulnerabilities can be found here. The U.S. Computer Emergency Readiness Team and the National Counterintelligence and Security Center have released the following:   

At Rackspace, we’re focused on ensuring our solutions best support our customers’ environments. We’re implementing a plan of action and proactively investigating solutions to remedy this issue.

While there is currently no single fix for the vulnerabilities, a number of vendors have released suggested mitigations and remediation(s). As these are released, we’ll assess, test, coordinate and deploy accordingly across our environment. We will communicate to affected customers if actions that would impact their environments are required. 

This is a complex and evolving situation. Our first priority is to ensure our customers’ environments are protected, and we’ll do that in the least impactful manner possible. 

Brian Kelly is Chief Security Officer at Rackspace, responsible for protecting the company and its customers from the constantly-evolving risks and threats that exist in the IT world, as well as focusing on the physical security of Rackspace facilities. He has more than 35 years of experience, beginning in the United States Air Force, where he rose to the rank of Lieutenant Colonel.