Several cloud vendors began responding to the chip kernel vulnerability that has the industry reeling today. Each Infrastructure as a Service vendor clearly has a stake here because each one is selling CPU cycles on their platforms.
TechCrunch sent a request for comment to six major cloud vendors including AWS, Microsoft, Google, IBM, Rackspace and DigitalOcean. At the time of publication, we had heard directly from three of the companies: Microsoft, Rackspace and DigitalOcean. In the case of Google, we learned their response indirectly through a published blog post. We have not yet heard from AWS or IBM.
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and are releasing security updates today to protect Windows customers against vulnerabilities affecting supported hardware chips from AMD, ARM and Intel. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.”
“As soon as we learned of this new class of attack, our security and product development teams mobilized to defend Google’s systems and our users’ data. We have updated our systems and affected products to protect against this new type of attack. We also collaborated with hardware and software manufacturers across the industry to help protect their users and the broader web. These efforts have included collaborative analysis and the development of novel mitigations.” (See here, here, here and here for additional blog posts from Google outlining their responses.)
“DigitalOcean has been actively investigating the Intel chip issue which was disclosed earlier today. We’ve been working to gather as much information as we can to ensure our customers remain protected. Intel unfortunately has not made it easy to get a full picture of the issue due to their information embargo.
At this time we are working under the assumption that this flaw will impact all of our customers and we’re presuming that rebooting Droplets (a DigitalOcean cloud server) will be necessary. We will be providing advanced notification to any and all customers impacted as we learn more.
This is a developing issue and we are unable to forecast timeframes for implementing a fix at this time.”
(See DigitalOcean’s blog post for additional details.)
“On 2 January 2018, Rackspace was made aware of a suspected Intel CPU architecture vulnerability. The full extent and performance impact of this vulnerability and potential remediation are currently unknown as the vulnerability has not yet been publicly disclosed.
Our engineers are engaging with the appropriate vendors and reviewing the Rackspace environment and will take appropriate action. Should actions that would impact customer environments be taken Rackspace will communicate to affected customers.”
Should additional responses become available, we will continue to update this article.
Featured Image: Terry Why/Getty Images