Yesterday, the team from Intel released a statement regarding Microarchitectural Data Sampling (MDS) – also referred to as ZombieLoad – a significant security vulnerability that affects cloud providers with multi-tenant environments, including our providers. Left unmitigated, this vulnerability could allow sophisticated attackers to gain access to sensitive data, secrets, and credentials that could allow for privilege escalation and unauthorized access to user data.
We have been working closely with our providers, who use Intel technology to understand the impact of these vulnerabilities and the best courses of action to protect our platform and our users. Almost immediately Intel sent updated microcode and developed a set of kernel updates to mitigate the vulnerability, these mitigations have been rapidly rolled out, with no downtime to our users.
At this stage, you don’t need to take any actions, everything has been taken care of on our side. However, standard web security practices should be kept at all times (core and plugins updates, maintain strong passwords, etc.)
In addition to sharing this blog post, we’re reaching out to all users via email. Should any important issues come up, we’ll post updates here, and we will reach out directly to users should any additional action be required.
The security of our platform and our users’ data is our top priority, and we’re taking every measure to ensure our customers remain secure. For more information about MDS, you can read Intel’s initial statement.