In general, the multi-tenant security model does not rely on a malicious tenant being limited to any OS or patch (they can and always will be able to run whatever code they want including OS, and it's designed to still be secure). The cross-VM attacks we've seen actually go through the hypervisor, and since that is patched you should be fine if you're patched.
reply