IBM Cloud Takes Action to Address Latest Security Vulnerabilities
Potential security vulnerabilities made public on August 14, 2018, have the potential to allow those with malicious intent to gather sensitive data from computing devices and, therefore, must be addressed. Although there has yet to be a known exploit, IBM Cloud takes all threats seriously and is taking precautionary measures on behalf of our clients.
Next steps: cloud host reboots
IBM Cloud will apply patches to VSI cloud hosts worldwide in the coming days to mitigate the risk to our virtual server clients. We are not able to mitigate this potential vulnerability via hot patching, thus cloud host reboots are the best approach to mitigating the threat to our VSI platform. We are working to develop our maintenance schedule, taking into account our clients’ workloads, and will publish once completed. We will work to provide, at minimum, a seven-day advance notice so clients can prepare for the maintenance.
IBM Cloud already sent an Event Notification to all affected clients with active VSIs detailing the overall maintenance schedule. We understand clients may have numerous devices throughout IBM Cloud Infrastructure, and we’ll also send maintenance notifications with more precise details. These maintenance tickets will identify the affected VSIs and detail the start and end time of their maintenance window. Additionally, clients will receive a two-hour reminder update before the maintenance event takes place, a ticket when the maintenance begins, and a final ticket when the maintenance for the identified VSIs are completed.
Recommended customer action
While we do not anticipate any problems with the reboots, all clients should back up all data from their virtual server instances.
Again, although there has yet to be a known exploit – IBM Cloud takes all threats seriously and is taking precautionary measures on behalf of our clients.