Article Security January 4, 2018

CPU Security Issue Fixed More Easily in the Cloud

By now you’ve probably heard about the decades-old flaw in Intel, AMD and ARM CPUs that could expose the contents of private memory to a dedicated hacker. The flaw was actually detected in late 2017 by Google Project Zero, who alerted computing and operating system vendors like Red Hat, as well as cloud platforms like Microsoft, AWS and, of course, Google Cloud. They quickly developed patches for the issue. While the update was scheduled for January 9th, press reports and discussions in the security community led them to accelerate that to yesterday, January 3rd.

In fact, you may have received an email from your cloud provider notifying you of this important update. Amazon posted details here, Microsoft did the same, as did Google.

Whether you operate in the cloud, on-premises, or both, this affects you. But for servers in the cloud, such fixes can go a little more smoothly than if you had to patch running systems in your data center. As mentioned above, all of the major cloud platforms have already patched the issue for new instances and provided instructions for updating existing instances. The cloud approach makes it easy to avoid downtime, as new, corrected instances can spin up to handle the load while old instances are retired. Containers and hypervisors can further ensure uptime thanks to virtualization.

There will likely be more security flaws discovered in the future… that’s the nature of technology. But cloud users, knowing that the full force of AWS, Microsoft and others is there to detect, fix, and deploy updates, literally overnight (AWS rolled out their fix at 10:45pm June 3rd), should be able to sleep better!
