Critical Server Vulnerabilities - CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715
Incident
Report for Liquid Web - Services
Resolved
The vulnerabilities known as Meltdown and Spectre impacted our entire industry. Addressing these vulnerabilities required operating system updates and reboots of nearly every piece of equipment in each of our data centers, and has required an enormous effort and much understanding from all of our customers to ensure that their servers are protected.
We are happy to say that as of 2/9/18 the vast majority of updates and reboots are complete. Individual customers are being contacted now to work towards a resolution for services requiring a manual update.
You can read more about these CVEs here: https://www.liquidweb.com/blog/need-know-meltdown-spectre/
We are happy to say that as of 2/9/18 the vast majority of updates and reboots are complete. Individual customers are being contacted now to work towards a resolution for services requiring a manual update.
You can read more about these CVEs here: https://www.liquidweb.com/blog/need-know-meltdown-spectre/
Update
Our next maintenance windows to patch our Cloud infrastructure and our customers servers that run on these will be on Wednesday, January 17th starting at 10pm ET through Thursday, January 18th at 8am ET. The second maintenance will be for our infrastructure in our Amsterdam facility and will run from Thursday, January 18th at 4pm ET (10pm CET) through Friday, January 19th at 12am ET (6am CET). All impacted customers have also been notified by main email contact on their account.
Update
Our maintenance window for updates and reboots has successfully patched most of our Cloud infrastructure and our customers servers that run on these. We are performing another maintenance window to perform additional patching and accompanying server reboots on Sunday, January 14th starting at 10pm ET and running through Monday, January 15th at 8am ET.
Update
We will be performing additional patching and accompanying server reboots starting on Wednesday, January 10th at 10pm ET through Thursday, January 11th at 9am ET.
Update
We're currently working through correcting an unexpected OS-related bug that did not present itself during our testing. This bug is causing extended downtime for a small sub-set of Liquid Web customers. We are working very diligently to bring these servers back online and apologize for any inconvenience caused.
Identified
Our initial round of patching for Cloud and VPS Linux Servers has been started. Infrastructure related reboots for Cloud and VPS Linux and Windows servers will be started after 10pm ET 1/5/18 and will run through 9am ET 1/6/18.
Our initial round of patching and reboots for Dedicated Linux Servers will be started after 10pm ET 1/5/18 and will run through 9am ET 1/6/18.
Our initial round of patching and reboots for Dedicated Linux Servers will be started after 10pm ET 1/5/18 and will run through 9am ET 1/6/18.
Investigating
As you may be aware, multiple server vulnerabilities were recently released. These vulnerabilities, known as “Meltdown” and “Spectre” or by their CVEs: CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715. We are aware of these vulnerabilities and are presently working on implementing available patches as soon as possible. Please check back here for further updates.
We are available to assist with any questions or concerns via livechat, email at support@liquidweb.com, or by telephone at (800)-580-4985, (517)-322-0434 (international).
We are available to assist with any questions or concerns via livechat, email at support@liquidweb.com, or by telephone at (800)-580-4985, (517)-322-0434 (international).