Risk with Public Cloud from Meltdown / Spectre

I know this has been talked about over and over again, but I can't seem to find a definitive answer to one question. People ask, "what should be patched"? Answer, everything including the guest OS.

What is not clear, especially with public cloud providers using VMware for the hypervisor: in a shared environment, can a customer log into their guest OS and potentially steal information from other guest OSes running on the same ESXi hypervisor?

https://tactsol.com https://vmware.solutions

Accepted Solutions

Seems so....

"Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host."

[Security-announce] NEW VMSA VMSA-2018-0002 VMware ESXi, Workstation and Fusion updates address side...

5 Replies

From everything I've read, what you just described is the main threat of these vulnerabilities.  Customer A has a VM running on the same host as Customer B, and an exploit could intercept data at the processor level.

I work on a private cloud, so our customers don't have to worry in this regard since they don't share their blades with anyone. If someone gets access to their guest VMs, they have bigger things to worry about than Meltdown and Spectre.


It is much larger than what I described. Affects nearly every PC/server out there. An exploit with your Internet browser can allow someone to also exploit Meltdown or Spectre. So private or shared, the risk is still huge.

But I still have yet to read that a guest OS on ESXi can compromise all VMs running on that server. If that is the case, why would companies, especially healthcare, financial, etc., risk putting any resources in public cloud?

https://tactsol.com https://vmware.solutions

But again, I'm just providing the platform. We don't provide support into their OS.  I was just making the point that between our cloud and public cloud, a customer doesn't have to worry about who they are sharing their host with.

I personally don't see how anyone sleeps at night when they're on a public cloud.

As far as the risk, the exploits are able to see into the caches of the processors, so they can intercept all data being processed which includes intercepting passwords, etc.  The exploits don't just see the data from their guest OS.


Amazon's stock is up over 200 points this year. I guess people aren't too concerned. 🙂

https://tactsol.com https://vmware.solutions