Another Xen Hypervisor Security Issue Pushes AWS, Rackspace to Reboot Cloud Servers

logo-WHIR

This article originally appeared at The WHIR

A new Xen hypervisor security issue is forcing cloud service providers Amazon Web Services and Rackspace to reboot cloud servers for the second time in five months.

According to a report by Gigaom on Friday, AWS told customers in a premium support bulletin that 10 percent of all EC2 instances will be affected and updated by March 10.

“We have built the capability to live-update the vast majority of our fleet; however, we have not yet enabled this capability on some of our older hardware. This older hardware is what’s being rebooted,” AWS said.

Rackspace said the update requires critical maintenance, and affects a portion of its First and Next Generation Cloud Servers. Its OnMetal Cloud Servers are not affected.

“While we do everything we can to minimize service interruptions, the security of your environment is our highest priority,” Rackspace said in a community post. “We understand that any downtime impacts your business and we do not make this decision lightly. In preparation for a potential reboot, we recommend that you take proactive steps to ensure your environment is configured to return to proper operations.”

Both providers are staggering the reboot so instances in different regions will not be rebooted at the same time.

In September, both AWS and Rackspace had to reboot parts of their clouds because of a security vulnerability affecting certain versions of XenServer. While there were no reports of compromised data, the vulnerability could have allowed those with malicious intent to read snippets of data belonging to others or to crash the host server through following a certain series of memory commands.

This article originally appeared at http://www.thewhir.com/web-hosting-news/another-xen-hypervisor-security-issue-pushes-aws-rackspace-reboot-cloud-servers