As the technology industry races to protect itself against major chip vulnerabilities disclosed yesterday, the cloud sector is no different.
All three major public cloud vendors have issued guidance for customers on how to protect against the bugs, which have been dubbed ‘Meltdown’ and ‘Spectre’.
Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.
Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encyption keys or steal information from other applications.
GCP
“GCP has already been updated to prevent all known vulnerabilities,” it told customers. “Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”
It did add that those using their own operating system with CGP might need additional updates and that some action was needed for Google Compute Engine and Google Kubernetes Engine customers.
AWS
Amazon Web Services (AWS) said its updates should be completed soon and urged customers to patch their instance operating systems and consult with any third party software vendor.
“AWS is aware of the issue described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754,” a spokesperson told Silicon. “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.
“All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours. We will keep customers apprised of additional information.”
Microsoft Azure
The company said the “majority” of Azure infrastructure had already been updated and that all planned maintenance had been brought forward following the public disclosure. Some customers had already been requested to ‘reboot’ their instances and the remainder would be rebooted in the immediate future.
Updates for Windows, Linux and Mac have all been patched following the discovery, although Intel hasn’t denied that this might impact performance. It did however say that most users wouldn’t notice the change.
What is clear though is just how far reaching the impact of these vulnerabilities has been. Indeed, it would hardly be hyperbole to suggest it is unprecedented.
To settle US federal and state claims over multiple data breaches, Marriott International agrees $52…
ByteDance's TikTok is laying off up to 500 employees as it moves to greater use…
In this episode, we uncover why most organisations aren’t ready to harness generative AI. We…
Mixed reactions as Elon Musk hypes $30,000 'self driving' robotaxi called Cybercab, as well as…
AMD unveils new AI and data centre chips as it seeks to improve challenge to…
AT&T and Verizon among US broadband providers reportedly hacked to target American government wiretapping platform