DigitalOcean
Trust & Security

A Message About Intel’s Microarchitectural Data Sampling (MDS) Vulnerability

authorDigitalOcean
Posted: May 14, 20192 min read

Update: June 6, 2019

Today, we’re happy to share that we have completed Microarchitectural Data Sampling (MDS) mitigations across our fleet. While we applied microcode to mitigate the potential impact of the vulnerability to a majority of our platform several weeks ago, we were awaiting a microcode to apply to a small percentage of servers. Earlier this week, we received the updated microcode from Intel and our team has been working to update the microcode as quickly as possible, and completed those efforts today.

MDS vulnerability mitigations have been deployed across our entire platform, but we do strongly recommend that all users take steps to ensure your Droplets are up to date and secure, if you have not done so already. If you have already updated your Droplets, no additional action is required.

Original Post: May 14, 2019

Today, Intel released a statement regarding Microarchitectural Data Sampling (MDS) – also referred to as ZombieLoad – a significant security vulnerability that affects cloud providers with multi-tenant environments, including DigitalOcean. Left unmitigated, this vulnerability could allow sophisticated attackers to gain access to sensitive data, secrets, and credentials that could allow for privilege escalation and unauthorized access to user data.

We have been working closely with Intel to understand the impact of these vulnerabilities and the best courses of action to protect our platform and our users. We have received updated microcode from Intel and developed a set of kernel updates to mitigate the vulnerability, and we are rapidly rolling out these mitigations with no downtime to our users.

We also recommend taking steps to ensure your Droplet is up to date and secure. This is especially important if you are running multi-tenant applications or untrusted code inside your Droplet.

In addition to sharing this blog post, we’re reaching out to all users via email. We’ll continue to post informational updates here, and we will reach out directly to users should any additional action be required.

The security of our platform and our users’ data is our top priority, and we’re taking every measure to ensure our customers remain secure. For more information about MDS, you can read Intel’s initial statement.

Share

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!Sign up

Related Articles

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program
trust-security

Announcing the Public Launch of DigitalOcean’s Paid Bug Bounty Program

Ari Kalfus

April 5, 20243 min read

DigitalOcean partners with Tabnine to bring the power of AI-enabled software development to startups and developers globally
news

DigitalOcean partners with Tabnine to bring the power of AI-enabled software development to startups and developers globally

Fer Oliveira

February 15, 20243 min read

Driving Inclusive Entrepreneurship with DO Impact
news

Driving Inclusive Entrepreneurship with DO Impact

Admas Kanyagia

February 12, 20243 min read

© 2024 DigitalOcean, LLC.Sitemap.