![](\"http:\/\/www.cloudcomputing-news.net\/media\/img\/news\/circuit-board-picture-id537368620.jpg\")
<\/p>\n<\/p>\n
Leading cloud providers have said they are aware of and working on securing systems after the disclosure of two major chip-level security vulnerabilities earlier this week.<\/p>\n
As first reported by The Register<\/a>, a ‘fundamental’ design flaw in Intel’s processor chips, dubbed Meltdown, was followed by another flaw, called Spectre, found in chips from Intel, AMD and ARM. The latter was confirmed by Google researchers in a blog post published yesterday<\/a>.<\/p>\n The key to the vulnerability is through a processor technique called ‘speculative execution’. In other words, modern processors can estimate what task needs to be done next, and if it is correct, then is executed in a much quicker time than otherwise. As the Google blog notes, malicious actors ‘could take advantage of speculative execution to read system memory that should have been inaccessible’, such as passwords or encryption keys.<\/p>\n So how does this affect cloud providers? A blogger going under the name of Python Sweetness asserted<\/a> on January 1 that the vulnerability will affect major cloud providers. “There are hints the attack impacts common virtualisation environments including Amazon EC2 and Google Compute Engine,” the post reads.<\/p>\n In a security bulletin<\/a>, Amazon Web Services (AWS) said ‘all but a small single-digit percentage of instances across the Amazon EC2 fleet’ were already protected. Microsoft said in a statement that it was “in the process of deploying mitigations to cloud services”, as well as releasing security updates. Google issued a bulletin<\/a> for its cloud products with Compute Engine, Kubernetes Engine, Cloud Dataflow and Cloud Dataproc requiring updates, while a statement<\/a> from Josh Feinblum, chief security officer at DigitalOcean, recommended server reboots for users and promised urgent maintenance if this was unsuccessful. <\/p>\n