Meltdown & Spectre: AWS, Azure & GCP Take Measures To Protect Cloud Customers

As the technology industry races to protect itself against major chip vulnerabilities disclosed yesterday, the cloud sector is no different.

All three major public cloud vendors have issued guidance for customers on how to protect against the bugs, which have been dubbed ‘Meltdown’ and ‘Spectre’.

Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.

Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encyption keys or steal information from other applications.

GCP

Google’s Project Zero security team became aware of the flaws late last year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP).

“GCP has already been updated to prevent all known vulnerabilities,” it told customers. “Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”

It did add that those using their own operating system with CGP might need additional updates and that some action was needed for Google Compute Engine and Google Kubernetes Engine customers.

Loading ...

AWS

Amazon Web Services (AWS) said its updates should be completed soon and urged customers to patch their instance operating systems and consult with any third party software vendor.

“AWS is aware of the issue described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754,” a spokesperson told Silicon. “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.

“All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours. We will keep customers apprised of additional information.”

Microsoft Azure

Microsoft said it had been aware of the vulnerabilities and had been working on fixes for some time. It added that it had not received any information that suggested the exploit was being used in the wild to attack Azure customers.

The company said the “majority” of Azure infrastructure had already been updated and that all planned maintenance had been brought forward following the public disclosure. Some customers had already been requested to ‘reboot’ their instances and the remainder would be rebooted in the immediate future.

Updates for Windows, Linux and Mac have all been patched following the discovery, although Intel hasn’t denied that this might impact performance. It did however say that most users wouldn’t notice the change.

What is clear though is just how far reaching the impact of these vulnerabilities has been. Indeed, it would hardly be hyperbole to suggest it is unprecedented.

Quiz: What can you remember about the cloud in 2017?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

NASA Helicopter Makes History With First Flight On Other Planet

Historic first flight of small helicopter on an offworld planet, after NASA successfully launches small…

34 mins ago

Rural Mobile Phone Masts To Be Heightened By 20 Percent

Government efforts to tackle rural not spots will see mobile phone masts being up to…

3 hours ago

Apple To Readmit Parler On App Store

Controversial social media app Parler is to be allowed back into Apple's App Store after…

5 hours ago

Two People Die As Tesla With No Driver Crashes

Autopillot abuse? Tesla car crash in Texas kills two passengers, with police reporting that no…

5 hours ago

UK Taskforce To Consider British Digital Currency

Fancy using Britcoin? Bank of England and HM Treasury taskforce is to explore the option…

6 hours ago