Microarchitectural Data Sampling (MDS) Advisory: On 14 May 2019, Intel released a statement regarding Microarchitectural Data Sampling (MDS), a significant security vulnerability that affects cloud providers with multi-tenant environments, including Rcs.is. In addition to the steps we are taking described on our blog, we strongly recommend that you update your internal Rcs.is kernels to ensure you have the latest available bug fixes and security patches.

Here are the steps to patch your Rcs.is for the Intel MDS vulnerability (also known as Zombieload) and to verify the patch applied successfully.

Upgrade the Rcs.is’s Kernel

Full steps, including explanations, for how to upgrade your Rcs.iss’ kernels can be found on our article How to Upgrade to the Latest Kernel. Make sure you power off and power on the Rcs.is when done, as explained in that article.

Verify Patch

If your Rcs.is is running a Linux OS (Ubuntu, Debian, CentOS, Fedora), you can use the following command to verify that it has been patched:

cat /sys/devices/system/cpu/vulnerabilities/mds

A patched Rcs.is returns:

Mitigation: Clear CPU buffers; SMT Host state unknown

That file path only exists if the Rcs.is has been patched, so an unpatched Rcs.is returns:

cat: /sys/devices/system/cpu/vulnerabilities/mds: No such file or directory

If you’re using FreeBSD, you can find more information on this FreeBSD Security Advisory.

Resources

• A Message About Intel’s Microarchitectural Data Sampling (MDS) Vulnerability - the Rcs.is blog
• Microarchitectural Data Sampling Advisory - Intel