Scheduled rolling downtime for Spectre and Meltdown patches
Third Light systems will need to be rebooted in order to implement fixes for two important vulnerabilities, known as Spectre and Meltdown, which affect all modern computer systems.
Meltdown (CVE-2017-5754) breaks the isolation between user applications and the operating system. This problem affects all modern Intel CPUs, but can be patched. A reboot is needed to apply the fix.
Spectre (CVE-2017-5753 and CVE-2017-5715) breaks the isolation between user applications, meaning that well-designed applications can be tricked into leaking information to other processes running on the same CPU.
For further information about Meltdown and Spectre, including details of how they work and what risks and mitigations apply, please see https://meltdownattack.com/.
Scheduled downtime on 25, 26 and 29 January 2018
Third Light's servers do not host any executable content for our customers. As a result, we have taken a reasonably cautious approach to patching these vulnerabilities, and where no customer-facing sites are involved we have already completed the security updates.
A few systems remain which will require a reboot. These include storage and database systems, which are used by customer sites or host parts of our Standard and Premium platforms. We will be completing sequences of rebooting these servers on the following dates and times:
- 25 January 2018 - 08:00 to 09:00 GMT
- 26 January 2018 - 08:00 to 09:00 GMT
- 29 January 2018 - 08:00 to 09:00 GMT
Due to the way the work is planned, no single customer will be affected more than once. Reboots will require around 10 minutes of downtime. We are committed to security and cannot avoid these interruptions, but will endeavour to keep any disruption to an absolute minimum. We will also post any status updates to our Twitter account - @3rdlight - if you wish to check in with us on those dates.
If you have questions, please feel free to email firstname.lastname@example.org. Thank you for your patience.