
Yikes! Cloud Users Should Prep For a New Wave of Security Fixes

By Barb Darrow
December 14, 2015, 10:36 AM ET

Stop me if you’ve heard this already: Some cloud providers—thus far IBM SoftLayer and Linode—have alerted customers about hurried-but-planned updates to their cloud infrastructure to come this week.

The culprit appears to be another vulnerability in the Xen hypervisor that many cloud providers rely on to pack lots of workloads onto shared computer servers.

Over the weekend, IBM (IBM) alerted customers of a “planned event” to fix a potential vulnerability affecting its Virtual Server Instances or VSIs. The fix or remediation will require that its hypervisor nodes be maintained and the VSIs that run on those nodes be restarted, according to the notice.

Affected cloud data centers will be updated during a six-hour window between 10 a.m. and 4 p.m. Eastern Standard Time on Tuesday, December 15. An IBM spokeswoman said the company performs global updates to protect clients from vulnerabilities identified on its virtual services. In this case, it alerted “a small number” of customers affected by this Xen issue.

Linode, a smaller cloud and hosting provider based in New Jersey, likewise alerted customers Sunday of needed maintenance.

In a status post Sunday, Linode referenced “several Xen Security Advisories” that require that its host servers be updated, which means fixed and rebooted. That has to happen before December 17, when the Xen project team discloses the updates publicly.

Fortune reached out to other cloud providers for comment and will update this story as needed.

A Rackspace spokeswoman said the company is not conducting reboots and no action is needed at this time but acknowledged that security issues evolve so that could change. The company’s support team will contact customers if there is a change, she noted via email.

The reason all of this may ring a bell is that in late September 2014, a Xen vulnerability forced public cloud providers—including Amazon Web Services (AMZN), IBM, and Rackspace (RAX)—to quickly alert customers about the need to reboot systems to keep hackers from exploiting security gaps. Then a few months later, the same process was repeated with the serious Venom bug.

Finding and fixing vulnerabilities is a delicate business. The goal is to fix the holes quickly and discreetly, ideally without disruption to customers, before the flaws can be exploited by evildoers. The process is described in the Xen Security blog:

If a vulnerability is not already public, we would like to notify significant distributors and operators of Xen so that they can prepare patched software in advance. This will help minimize the degree to which there are Xen users who are vulnerable but can’t get patches.

If past is prelude, expect more cloud providers to start alerting customers of maintenance windows as well. Amazon uses its own highly customized versions of the Xen hypervisor, and Google Compute Engine uses KVM, another open-source hypervisor that is presumably unaffected by this flaw.

Google has said its “live migration” capabilities help it perform fixes fluidly, while Microsoft Azure uses the company’s Hyper-V hypervisor.

Interestingly, while Amazon estimated that perhaps 10% of its Elastic Compute Cloud (EC2) customers were affected by reboots in the September 2014 fix flurry, it said that number was drastically pared to less than 0.1% during the Venom kerfuffle, showing that Amazon has also hit upon a better way to perform rolling updates. Whether that is another form of live migration or some hot patching capability is unclear.

As Fortune’s Robert Hackett explained at the time, the Venom flaw was particularly scary. In theory, the virtual machines running applications in the cloud ensure that Customer A’s workload on a given virtual machine will not impact Customer B’s workload also running on the same system. It’s an efficient way to harness computing resources while also purportedly isolating them from each other.

But with Venom, or potentially other hypervisor flaws, a bad guy could conceivably move from one virtual machine into another at will. As Jason Geffner, CrowdStrike principal security researcher, told Fortune at the time: “This bug lets you escape a container and get into all other containers.”

That raises the specter of some hacker breaking into and perhaps taking or corrupting your data. Not a pretty picture.

Phew! You can see why tech providers want to act quickly and quietly to fix what’s ailing them.

This report will be updated as needed during the day.


This report was updated at 10:52 a.m. EST with comments from IBM and Rackspace and again at 10:00 a.m. EST on December 15 to note that Google Compute Engine relies on the KVM hypervisor, not Xen as previously stated.

 

 
