Published: Sat, January 06, 2018
IT | By Lester Massey

Tech companies work to patch major computer vulnerabilities Meltdown and Spectre

Tech companies work to patch major computer vulnerabilities Meltdown and Spectre

Named Meltdown and Spectre, the vulnerabilities could allow attackers to obtain sensitive information from computers. Failure to patch known vulnerabilities is a factor that the ICO takes into account when determining whether a breach of the seventh principle of the Data Protection Act is serious enough to warrant a civil monetary penalty.

Chips made by Intel, AMD and ARM manufacturers are all affected, meaning all manner of devices are implicated.

Google's Project Zero security team became aware of the flaws late past year and said it had been working to protect its services, including G Suite applications and Google Compute Platform (GCP). The firmware updates for Surface prevent systems from being attacked.

The Spectre bug which exploits a new class of vulnerabilities in almost every single modern processor to date will continue to haunt enterprise security for some time and it is probable that new attack vectors (apart from the initial 3 discovered by the Google team) will be discovered with time but so far the impact seems to be fairly within control of the company. "Google Cloud is architected in a manner that enables us to update the environment while providing operational continuity for our customers". On most of our workloads, including our cloud infrastructure, we see negligible impact on performance. "This includes microcode from device OEMs and in some cases updates to AV software as well", the company said.


"The remaining ones will be completed in the next several hours, with associated instance maintenance notifications", AWS said.

In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers.

Microsoft said in a statement Thursday that it is not aware of any of these vulnerabilities being used against its customers. While the vast majority of Evident.io's compute systems have already been protected, there are a small number of secondary nodes that are scheduled to be patched immediately as the industry responds to these emerging threats.

Microsoft has also released updates for Windows 10, 8.1 and 7 operating systems to address the security vulnerabilities. Bypassing pre-fetch and going out to the disk to retrieve data avoids that vulnerability, but that extra work will impact performance.

Like this: