Meltdown & Spectre: AWS, Azure & GCP Take Measures To Protect Cloud Customers

As the technology industry races to protect itself against major chip vulnerabilities disclosed yesterday, the cloud sector is no different.

All three major public cloud vendors have issued guidance for customers on how to protect against the bugs, which have been dubbed ‘Meltdown’ and ‘Spectre’.

Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.

Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encyption keys or steal information from other applications.

GCP

Google’s Project Zero security team became aware of the flaws late last year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP).

“GCP has already been updated to prevent all known vulnerabilities,” it told customers. “Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”

It did add that those using their own operating system with CGP might need additional updates and that some action was needed for Google Compute Engine and Google Kubernetes Engine customers.

Loading ...

AWS

Amazon Web Services (AWS) said its updates should be completed soon and urged customers to patch their instance operating systems and consult with any third party software vendor.

“AWS is aware of the issue described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754,” a spokesperson told Silicon. “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.

“All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours. We will keep customers apprised of additional information.”

Microsoft Azure

Microsoft said it had been aware of the vulnerabilities and had been working on fixes for some time. It added that it had not received any information that suggested the exploit was being used in the wild to attack Azure customers.

The company said the “majority” of Azure infrastructure had already been updated and that all planned maintenance had been brought forward following the public disclosure. Some customers had already been requested to ‘reboot’ their instances and the remainder would be rebooted in the immediate future.

Updates for Windows, Linux and Mac have all been patched following the discovery, although Intel hasn’t denied that this might impact performance. It did however say that most users wouldn’t notice the change.

What is clear though is just how far reaching the impact of these vulnerabilities has been. Indeed, it would hardly be hyperbole to suggest it is unprecedented.

Quiz: What can you remember about the cloud in 2017?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Patient Dies In Germany After Hospital Ransomware Attack

Real world consequence of ransomware attacks. A female patient has died as a result of…

58 mins ago

Tesla Driver Charged For Sleeping As Car Drove At 90mph

Unbelievable! Driver in Canada charged with dangerous driving, after he slept in fully reclined seat…

2 hours ago

ByteDance Majority Stake Puts Oracle-TikTok Deal At Risk – Report

Plan to keep majority stake in TikTok, will hinder White House approval reports suggest, as…

21 hours ago

Nintendo Shuts the Lid On 3DS

Nearly a decade after it first launched, Japanese gaming giant Nintendo discontinues its popular 3DS…

22 hours ago

Aussie Regulator Refuses To Back Down After Facebook News Warning

Blunt warning from Facebook about blocking news sharing down under, receives equally blunt response from…

23 hours ago

Academic Sector Warned Of Cyber Threat By NCSC

Universities and schools are being warned by UK's cyber guardian of threats posed to their…

24 hours ago