News

(Updated on 14 December 2020) Announcement about CPU vulnerability (CVE-2017-5754 (Meltdown) / CVE-2017-5715 and CVE-2017-5753 (Spectre))


[2020/12/14] Updated timeline of Version up maintenance for further impact mitigation in ECL2.0

[2020/6/17] Updated information about Enterprise Cloud 2.0 service

[2019/2/18] Updated information about Enterprise Cloud 2.0 service

[2018/12/25] Updated information about Enterprise Cloud 1.0 and Enterprise Cloud 2.0 service

[2018/11/26] Updated information about Enterprise Cloud 2.0 service

[2018/11/12] Updated information on FAQ about Enterprise Cloud 2.0 service

[2018/8/2] Updated status about Enterprise Cloud service

[2018/5/17] Updated status about Enterprise Cloud 2.0 service

[2018/4/13] Updated status about Enterprise Cloud 2.0 service infrastructure

This is an important notification for Enterprise Cloud 1.0 and 2.0 services regarding the security vulnerabilities CVE-2017-5754 (Meltdown) and CVE-2017-5715 and CVE-2017-5753 (Spectre). Here is our current status on mitigating these security risks.

 

Solution

To mitigate this risk, software updates are required for the service infrastructure and for customer OSes and hypervisors.

CVE-2017-5754 (Meltdown)

Service infrastructure: It is confirmed that we have completed all required updates for the service infrastructure.

Customer OS and Hypervisor: In the customer environment, updates need to be performed by customers. We recommend applying the patches provided by software vendors to customer OSes and hypervisors to mitigate the security risks found in their environment. Customers should also plan to apply patches when they create their own servers from the Private Catalog or image storage area.

Also, software updates are available for web browsers and applications. We recommend that customers check the latest information provided by vendors and keep their applications updated as needed.

Customers using Baremetal servers need to update the firmware themselves. We are currently waiting for vendors to provide firmware patches and procedures for the required preventative actions. We will provide further information once the firmware update procedure is confirmed. There is no need to update firmware for the Virtual Server service.

CVE-2017-5715, CVE-2017-5753 (Spectre)

Service infrastructure: We are currently working with vendors to review and test the updates required for mitigating these security vulnerabilities. We will notify customers in advance if the update maintenance would affect the service and customer resources. *1

Customer OS and Hypervisor: In the customer environment, updates need to be performed by customers. We recommend applying the patches provided by software vendors to customer OSes and hypervisors to mitigate the security risks found in their environment. Customers should also plan to apply patches when they create their own servers from the Private Catalog or image storage area.

Also, software updates are available for web browsers and applications. We recommend that customers check the latest information provided by vendors and keep their applications updated as needed.

Customers using Baremetal servers need to update the firmware themselves. We are currently waiting for vendors to provide firmware patches and procedures for the required preventative actions. We will provide further information once the firmware update procedure is confirmed. There is no need to update firmware for the Virtual Server service.
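On a Linux guest, the result of applying the vendor patches can be confirmed from the kernel's own report under /sys/devices/system/cpu/vulnerabilities. The script below is an added example, not part of the original notice and not NTT Com's code; the function names and the sample directory are constructed for illustration, and it does not cover Windows guests.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's mitigation report for the three
# CVEs in this notice. The sysfs directory exists on mainline Linux 4.15 and
# later, and on kernels that carry the backported fixes.
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT: prints OK, VULNERABLE or UNKNOWN
classify_status() {
    case "$1" in
        "Not affected"*|"Mitigation:"*) echo OK ;;
        "Vulnerable"*)                  echo VULNERABLE ;;
        *)                              echo UNKNOWN ;;
    esac
}

# check_cpu_vulns [DIR]: prints one line per CVE and returns the number of
# entries that are not OK (0 means all three are mitigated or not affected).
check_cpu_vulns() {
    dir=${1:-$VULN_DIR}
    bad=0
    for pair in "CVE-2017-5754:meltdown" "CVE-2017-5753:spectre_v1" "CVE-2017-5715:spectre_v2"; do
        cve=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            text=$(cat "$dir/$file")
        else
            text="(no $file entry: kernel predates the fix or lacks sysfs reporting)"
        fi
        state=$(classify_status "$text")
        [ "$state" = OK ] || bad=$((bad + 1))
        printf '%-10s %-14s %s\n' "$state" "$cve" "$text"
    done
    return "$bad"
}

# Constructed sample input: Meltdown and Spectre variant 1 are mitigated,
# Spectre variant 2 is still reported as vulnerable.
make_sample_dir() {
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# Demo on the constructed sample; call check_cpu_vulns with no argument on a real guest.
check_cpu_vulns "$(make_sample_dir)" || echo "$? of 3 entries need attention"
```

Run it once after patching the guest OS and again after any stop/start of the VM, and compare the two reports.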

*1 Update about Service infrastructure of Enterprise Cloud Virtual Server (2020/6/17 Updated)

Enterprise Cloud 1.0

We are applying the service infrastructure updates sequentially. The vulnerability mitigation is expected to proceed on the following schedule:

– Data centers in Japan; Yokohama 1st, Kansai 1 (including Kansai 1a) and Saitama 1st data center

 Vulnerability mitigation was completed in July 2018, and the version upgrade to further reduce the impact has also been completed.

– Other data centers: completion of vulnerability mitigation in the UK and France data centers in December 2018.

For the vulnerability mitigation to take effect, the VM must be stopped and started after the service infrastructure side has been updated. In addition, some customers need to upgrade the hardware version of the VM.

After the service infrastructure work at each data center is complete, the function to update the hardware version will be enabled, and a notification e-mail will be sent to users of that data center.

The VM stop/start and the hardware version update must be performed by the customer.

To update the hardware version, please refer to the procedure here

Enterprise Cloud 2.0

1. Service infrastructure

Hypervisor hosts for Red Hat Enterprise Linux and Windows Server 2016 VMs  

We completed mitigating the vulnerability on all hypervisor hosts in all areas.

 

Hypervisor hosts for all VMs except Red Hat Enterprise Linux and Windows Server 2016 VMs (including firewall, load balancer, and network-based security)

We completed mitigating the vulnerability on all hypervisor hosts in all areas.

 

Version up maintenance for further impact mitigation

Vulnerability countermeasures for the infrastructure of Enterprise Cloud 2.0 were completed in December 2018, but version up maintenance will be carried out from June 2020 to June 2021 in order to further mitigate the impact. There is no service impact caused by this maintenance.

 

2. Impact on performance

Impact on performance regarding VM

Customers may not see any performance impact from the mitigation applied to hypervisor hosts; however, they might see some impact after deploying the patch to the guest OS. Customers can refer to the UnixBench test results taken before and after the vulnerability mitigation on the hypervisor and the patch application to the guest OS.

“What actions NTT Com took for CPU vulnerability (CVE-2017-5715 and CVE-2017-5753 (Spectre))?”

/en/faq/2.0/virtual-server-81/

[2018/11/9] Updated information about impact on performance

 

Impact on performance regarding Firewall, Load balancer and Network-Based Security

Please refer to the following pages for performance measurement results of the firewall, load balancer and Network-Based Security (Managed FW/UTM/WAF) after the service infrastructure update.

(reference) Performance measurement result of firewall

/en/documents/tutorials/rsts/Firewall/vyatta/performance.html

(reference) Performance measurement result of load balancer

/en/documents/tutorials/rsts/LoadBalancer/netscaler-vpx/performance.html

(reference) Performance measurement result of Managed FW/UTM

/en/documents/tutorials/security/rsts/security/operation/managed_firewall_utm/8120_performance.html

(reference) Performance measurement result of Managed WAF

/en/documents/tutorials/security/rsts/security/operation/managed_waf/8120_performance.html

Thank you for understanding and we appreciate your business with us.