The flaw is said to allow unauthorized access to user data, including passwords and cached files.
AWS, Google, and Microsoft communicated to partners that they are working to prevent exploitation of their offerings. Solution providers have been advised to protect their end customers by supporting a modern security patching infrastructure that includes regular firmware updates from device manufacturers and software providers.
Microsoft has been working closely with chip manufacturers to develop and test mitigations to protect its customers to ensure Azure users aren't being exposed to vulnerabilities.
"The majority of Azure infrastructure has already been updated to address this vulnerability. Some aspects of Azure are still being updated and require a reboot of customer VMs for the security update to take effect," Microsoft said in its blog post about the chip flaws.
Providers are also being warned that before they install the patch issued by Microsoft to be aware the fix may not be compatible with their current antivirus software. Failure to do so may result in the infamous blue screen of death! To avoid this Microsoft has advised that the antivirus registry key MUST be updated before installing the patch.
Antivirus vendors are furiously working on updates to change keys so the update process can occur without any hitches.
Ross Brewer, vice president and managing director of EMEA at security intelligence firm LogRhythm, has made the following comments, “This is without doubt the most disturbing issue to hit the industry for decades - with all modern processors, computing devices and operating systems affected. This really is the big one, and everyone - consumers and businesses alike - must pay attention. Not only is the attack surface the biggest we’ve seen, with so many devices at risk globally, the exposure window is also huge as it is reliant on people voluntarily patching their systems, which obviously has a significant lag. Though Intel have vowed to make every machine virtually immune to known superbugs such as Spectre and Meltdown, there are reports emerging today that shares were sold just before the vulnerability came to light. Of course, if this turns out to be true, this would be a big concern as it doesn’t align to the trusted ‘Intel Inside’ brand values that we as consumers all signed up to.
“Fear aside, attention must turn to the ‘what now’. Countless headlines are no doubt confusing for those just wanting to know how best to preserve the security around their data. For businesses, it’s never been more critical to understand the real-time behaviour of users across their networks. As this vulnerability opens the door to theft of credentials, logins and other private information, any unusual network activity needs to be detected, investigated and remediated as soon as it occurs.
“Last year, we all witnessed what can happen when unpatched machines are used to spread malware worldwide - and it’s safe to say that nobody wants a repeat of that. Consumers must also take time to understand what’s happened and learn how they can protect their phones, watches, computers and other devices through patching. While these exploits and the mechanics to leverage them are not yet public and we aren’t seeing any widespread compromises, once they become known, hacker groups will likely be quick to exploit them as we have seen in the past. Without the right action now, this will become a very serious timebomb, and we really will be only as strong as our weakest link.”