"CacheOut" and "VRS": Not Affected

After the discovery of several security holes in processors over the last two years, two new vulnerabilities, "CacheOut" and "VRS", were disclosed this Monday. According to the current level of knowledge, the cloud services of are not affected by these new vulnerabilities, and there is no need for our customers to take action in this regard.

On 2020-01-27, two new vulnerabilities in recent Intel processors became known, one as "L1D Eviction Sampling" (L1DES) or "CacheOut", and the other as "Vector Register Sampling" (VRS).

Verification of our infrastructure has shown that your virtual servers operated at are not affected by the current vulnerabilities: the exact CPU models of our Intel-based compute hosts do not suffer from these flaws. AMD CPUs, such as those in our AMD-based compute hosts, which we introduced in the context of our new flavors featuring dedicated CPU cores, are not affected at all. Based on current information, our storage clusters and the peripheral systems of our cloud infrastructure also only contain CPUs that are not affected.

As early as May 2019, we decided to stop using "simultaneous multithreading" on all compute hosts, a feature that could make it easier to exploit the current gaps. Although our CPUs are not affected by the two current vulnerabilities from the outset, the recent discoveries confirm that our defensive approach is effective in minimizing the risk for our customers.

Therefore, there is currently no need for our customers to take action in connection with the two newly disclosed security vulnerabilities. It goes without saying that we are monitoring the situation closely and will take appropriate measures depending on the latest findings.

Should you have any questions in connection with our security measures, we will be happy to answer them for you.

Best regards,
Your team

Back to overview