Cloud leaders Amazon Web Services, Google, and Microsoft have told partners and customers that they are working on updates and patches to their platforms and services to protect against the two significant chip-level security vulnerabilities – Meltdown and Spectre – that were revealed this week by researchers and academics.
Meltdown is a hardware vulnerability affecting laptops, desktop computers and internet servers using Intel x86 microprocessors. The flaw is said to allow unauthorized access to user data, including passwords and cached files.
Spectre, the less serious of the two security flaws, is a bug affecting smartphones, tablets, and computer chips from several vendors, including Intel, Advanced Micro Devices Inc. (AMD) and ARM. Spectre lets hackers manipulate applications into leaking sensitive information. Researchers that discovered the vulnerabilities on the chips said that between Meltdown and Spectre, nearly every modern computer and mobile device is impacted.
AWS, Google, and Microsoft communicated to partners and end users that they are aware of the security issues and have been working to prevent exploitation of their offerings. Solution providers can help protect their end customers by supporting a modern security patching infrastructure that includes regular firmware updates from device manufacturers and software providers.
"It’s just another reminder that in 2018, partners need to be helping customers move to a model in which features are introduced monthly or quarterly, and security patches are introduced daily or weekly," said Reed Wiedower, chief technology officer for New Signature, a top Microsoft Azure partner.
The solution providers that support regular updates will be generally well protected from Meltdown and similar exploits, Wiedower said.
"By contrast, partners and customers that don’t patch their operating systems on a real-time basis are going to be put into a bit of a bind as they move forward," he added.
Microsoft told CNBC on Wednesday that it has been working closely with chip manufacturers to develop and test mitigations to protect its customers. The company is also making sure that Azure users aren't being exposed to vulnerabilities.
"The majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect," Microsoft said in its blog post about the chip flaws.
As a further precaution, Microsoft told customers that it decided to accelerate its planned maintenance and began automatically rebooting the remaining impacted VMs on Wednesday afternoon. However, the company said that the majority of Azure customers wouldn't see a noticeable performance impact with the latest update.
In addition to its cloud patching efforts, Microsoft also said that it is updating its Edge and Internet Explorer browsers.