As explained in our initial update, we have been assessing and testing mitigations for Meltdown and Spectre vulnerabilities.

Intel’s poor communication to providers left just about everybody in the dark with very little means to properly prepare and secure their infrastructure. Thanks to an initial initiative between OVH and Online to ensure the best possible actions are carried out, a large number of providers got together to share information and coordinate with processor vendors. We joined this effort early on and are still active on this front.

The situation now

As it stands, our DE-FRA-1 site is the only one providing mitigations for all published CVEs. To ensure the best possible protection, you are encouraged to restart your VM instances in DE-FRA-1 (using “stop”, then “start” on our portal or through the API).

Since most CVE mitigations need Intel microcode releases, some still pending, AT-VIE-1, CH-DK-2, and CH-GVA-2 are still impacted by Spectre. We will start migration and reboot campaigns as soon as these microcodes are released and our validation ensures that no regression will occur.

Updated templates

All distributions now have mitigations for Meltdown. You can update your instances now (and reboot) to get this layer of protection in all our zones. For Spectre, mitigation of the second variant is only available in DE-FRA-1 zone. Moreover, only CentOS and Windows 2016 offer the appropriate mitigations. After update, be sure to stop your instance then start from our portal. Otherwise, the needed CPU features won’t be present. For Windows 2016, also have a look at the guide published by Microsoft.