On Wednesday, January 3rd, 2018, Google publicly disclosed Meltdown and Spectre, two methods for attacking Intel, AMD, and ARM processor vulnerabilities (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). CenturyLink Cloud is aware of these vulnerabilities and is actively mitigating potential threats. Fixes are currently being tested, and anticipate that 92% of our environment to be patched by Monday, January 8th, 2018. Customers who fall into the remaining 8% of infrastructure will be contacted directly within 24 hours for patching timelines. An update will be provided when all fixes are in place.
At this time, there is no indication that these vulnerabilities have impacted us or have been used to attack our customers.
Please note that while CenturyLink is patching our environment, we want to remind our customers that they are responsible for updating the operating system of their cloud virtual and bare metal servers. We recommend you check with your operating system vendor(s) and system manufacturer(s), and apply any updates as soon as they are available.
For managed OS customers, please reference the Patching and update process Knowledge Base article.
If you have any questions or concerns, please contact firstname.lastname@example.org.