TechCrunch sent a request to major cloud vendors regarding thoughts on the chip kernel vulnerability in Intel, ARM and AMD processors
It is feared that the security flaws in the processors, Meltdown and Specture, are being used to access passwords, login details, and other private information.
AWS
“This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD and ARM across servers, desktops and mobile devices. All but a small single-digit percentage of instances across the Amazon EC2 fleet are already protected. The remaining ones will be completed in the next several hours, with associated instance maintenance notifications,” said AWS in a blog post.
“While the updates AWS performs protect underlying infrastructure, in order to be fully protected against these issues, customers must also patch their instance operating systems. Updates for Amazon Linux have been made available, and instructions for updating existing instances are provided further below along with any other AWS-related guidance relevant to this bulletin.”
Microsoft
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM, and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers,” revealed Microsoft to TechCrunch.
“As soon as we learned of this new class of attack, our security and product development teams mobilised to defend Google’s systems and our users’ data. We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web. These efforts have included collaborative analysis and the development of novel mitigations,” Google revealed in a blog post.
DigitalOcean
Digital Ocean admitted to TechCrunch: “DigitalOcean has been actively investigating the Intel chip issue which was disclosed earlier today. We’ve been working to gather as much information as we can to ensure our customers remain protected. Intel, unfortunately, has not made it easy to get a full picture of the issue due to their information embargo.
“At this time we are working under the assumption that this flaw will impact all of our customers and we’re presuming that rebooting Droplets (a DigitalOcean cloud server) will be necessary. We will be providing advanced notification to any and all customers impacted as we learn more.
“This is a developing issue and we are unable to forecast timeframes for implementing a fix at this time.”
Rackspace
“On 2 January 2018, Rackspace was made aware of a suspected Intel CPU architecture vulnerability. The full extent and performance impact of this vulnerability and potential remediation are currently unknown as the vulnerability has not yet been publicly disclosed,” Rackspace announced to TechCrunch.
“Our engineers are engaging with the appropriate vendors and reviewing the Rackspace environment and will take appropriate action. Should actions that would impact customer environments be taken Rackspace will communicate to affected customers.”
