Meltdown & Spectre: AWS, Azure & GCP Take Measures To Protect Cloud Customers

As the technology industry races to protect itself against major chip vulnerabilities disclosed yesterday, the cloud sector is no different.

All three major public cloud vendors have issued guidance for customers on how to protect against the bugs, which have been dubbed ‘Meltdown’ and ‘Spectre’.

Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.

Essentially, the vulnerabilities affect the kernel of the chips and could allow an attacker to read information that should otherwise be inaccessible. This means an attacker could obtain passwords, encyption keys or steal information from other applications.

GCP

Google’s Project Zero security team became aware of the flaws late last year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP).

“GCP has already been updated to prevent all known vulnerabilities,” it told customers. “Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers. We used our VM Live Migration technology to perform the updates with no user impact, no forced maintenance windows and no required restarts.”

It did add that those using their own operating system with CGP might need additional updates and that some action was needed for Google Compute Engine and Google Kubernetes Engine customers.

Loading ...

AWS

Amazon Web Services (AWS) said its updates should be completed soon and urged customers to patch their instance operating systems and consult with any third party software vendor.

“AWS is aware of the issue described in CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754,” a spokesperson told Silicon. “This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM across servers, desktops, and mobile devices.

“All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours. We will keep customers apprised of additional information.”

Microsoft Azure

Microsoft said it had been aware of the vulnerabilities and had been working on fixes for some time. It added that it had not received any information that suggested the exploit was being used in the wild to attack Azure customers.

The company said the “majority” of Azure infrastructure had already been updated and that all planned maintenance had been brought forward following the public disclosure. Some customers had already been requested to ‘reboot’ their instances and the remainder would be rebooted in the immediate future.

Updates for Windows, Linux and Mac have all been patched following the discovery, although Intel hasn’t denied that this might impact performance. It did however say that most users wouldn’t notice the change.

What is clear though is just how far reaching the impact of these vulnerabilities has been. Indeed, it would hardly be hyperbole to suggest it is unprecedented.

Quiz: What can you remember about the cloud in 2017?

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

3 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago