Intel Chip Vulnerability Sends Cloud Providers Into Patching Overdrive

Scott Ferguson

A significant security flaw in Intel's microprocessors sent all of the major public cloud providers into patching overdrive this week, even as many tried to play down the significance of this particular vulnerability.

Intel Corp. (Nasdaq: INTC), which is currently the world's second-largest provider of microprocessors, is a significant player in the data center and cloud markets, and the company's x86 CPU underpins the infrastructures of the hyperscale facilities that support various public cloud platforms. (See Hyperscale Data Centers Continued to Grow in 2017.)

In response, Amazon Web Services Inc., Microsoft Corp. (Nasdaq: MSFT) and Google (Nasdaq: GOOG) all sent out patching and security information to customers this week. While the flaw in the Intel chips cannot be fixed, the operating systems can be patched to prevent hackers from taking advantage of the vulnerability.

The flaw was first reported in a paper published by Graz University of Technology in Austria. Researchers found that by manipulating pre-executed commands within the chip, which help make data available faster, hackers can gain access to the content of the kernel memory.

(Source: Axonite via Pixabay)

This, in turn, can allow the hacker to gain access to encryption keys and other authentication details of whatever system the CPU is running in.

On Security Now, Curtis Franklin has a complete rundown of how the flaw works and the security implications. (See New Intel Vulnerability Hits Almost Everyone.)

Microsoft has the most at stake in this patching scramble.

Not only is the company's Azure platform the second-largest public cloud platform in the world, but the company's Windows operating system is also closely coupled with the x86 chip architecture and runs in a significant number of global data centers.

However, to be fair, Linux operating systems need patching as well.

In a January 3 blog post, Microsoft noted that it is aware of the flaw and that once customers reboot their virtual machines (VMs), it would apply the patch. However, Redmond noted that it planned to accelerate its patching schedule this week to address the security issue.

"The majority of Azure infrastructure has already been updated to address this vulnerability," according to Wednesday's post. "Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect. Many of you have received notification in recent weeks of a planned maintenance on Azure and have already rebooted your VMs to apply the fix, and no further action by you is required."

AWS, the world's largest public cloud provider, noted in its own post that this type of CPU flaw has been known for about 20 years and can affect AMD and ARM chips, as well as Intel processors. However, Amazon noted that a small percentage of its EC2 fleet was being patched to address the issue late Wednesday.

Amazon also noted that it is patching its own version of Linux and warning customers to look out for updates to Windows.

In its own lengthy post, Google noted that some of the problems with the Intel vulnerability, specifically the flaw with "speculative execution" that helps optimize CPU performance, had been disclosed by its own Project Zero team in 2017.

The search giant also pushed up its notification from January 9 to address the security issues that had been made public. A full Project Zero report on the flaw is also in the works.

"As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google's systems and our users' data. We have updated our systems and affected products to protect against this new type of attack," according to the post.

In addition to its own products and services, Google noted that some customer action might be needed to address concerns with its Google Compute Engine, Kubernetes Engine, Cloud Dataflow and Cloud Dataproc.

— Scott Ferguson, Editor, Enterprise Cloud News. Follow him on Twitter @sferguson_LR.
