Unless you have been away on an extended, off-the-grid vacation for the first part of 2018 chances are you have heard about and are preparing for the Meltdown and Spectre vulnerabilities. The news hit the streets before a planned public announcement could be made by impacted companies, Intel, Apple and Microsoft to name a few. The issues stem to an architectural flaw in modern day microprocessors that could potentially allow sensitive data to be lifted from the processors by malicious code. While the two vulnerabilities exist for millions of devices worldwide, from laptops to Cloud computers, it is not known if any exploits exist that are currently taking advantage of them.
Guidance for SQL Server
To thwart those attempts software vendors like Microsoft, Apple and Google are releasing patches that will address the issue for the short term. A longer term redesign of the chips themselves may be in order to prevent future threats. And heads up, the software patches bring with them their own negative impact by way of a performance penalty reportedly up to 35% on some systems.
Testing the Patches
At SQL Watchmen we have been aware of the vulnerabilities since the information was first released and are doing everything we can to test the patches as they become available and will continue to advise our customers on what they can do to limit the performance impact, especially on their mission critical applications that rely on SQL Server as a backend database.
For a full technical description of the vulnerabilities you can read the published white papers for both Spectre and Meltdown here.
UPDATE: INTEL WARNS USERS NOT TO INSTALL IT’S FAULTY PATCH: http://www.businessinsider.com/intel-working-on-a-new-fix-for-the-spectre-meltdown-attacks-2018-1