A Message About Intel’s Microarchitectural Data Sampling (MDS) Vulnerability
Update: June 6, 2019
Today, we’re happy to share that we have completed Microarchitectural Data Sampling (MDS) mitigations across our fleet. While we applied microcode to mitigate the potential impact of the vulnerability to a majority of our platform several weeks ago, we were awaiting a microcode to apply to a small percentage of servers. Earlier this week, we received the updated microcode from Intel and our team has been working to update the microcode as quickly as possible, and completed those efforts today.
MDS vulnerability mitigations have been deployed across our entire platform, but we do strongly recommend that all users take steps to ensure your Droplets are up to date and secure, if you have not done so already. If you have already updated your Droplets, no additional action is required.
Original Post: May 14, 2019
Today, Intel released a statement regarding Microarchitectural Data Sampling (MDS) – also referred to as ZombieLoad – a significant security vulnerability that affects cloud providers with multi-tenant environments, including DigitalOcean. Left unmitigated, this vulnerability could allow sophisticated attackers to gain access to sensitive data, secrets, and credentials that could allow for privilege escalation and unauthorized access to user data.
We have been working closely with Intel to understand the impact of these vulnerabilities and the best courses of action to protect our platform and our users. We have received updated microcode from Intel and developed a set of kernel updates to mitigate the vulnerability, and we are rapidly rolling out these mitigations with no downtime to our users.
We also recommend taking steps to ensure your Droplet is up to date and secure. This is especially important if you are running multi-tenant applications or untrusted code inside your Droplet.
In addition to sharing this blog post, we’re reaching out to all users via email. We’ll continue to post informational updates here, and we will reach out directly to users should any additional action be required.
The security of our platform and our users’ data is our top priority, and we’re taking every measure to ensure our customers remain secure. For more information about MDS, you can read Intel’s initial statement.