Following up on a recent disclosure of security vulnerabilities affecting Intel, AMD, and ARM chipsets, technology companies are making an industry-wide effort to minimize their impact.
Dubbed Meltdown and Spectre, the bugs were first reported by Google’s Project Zero researchers on January 3.
They discovered that most modern processors allow unauthorized programs to observe privileged memory, circumventing expected privilege levels. PCs, mobile devices, and entire cloud infrastructures could be affected by these exploits.
Intel’s announcement followed shortly after the discovery, stating that the company “is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively.”
Intel also announced that it has already provided updates for most of the systems introduced within the past few years.
“By the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years.”
Major tech companies were also quick to provide updates for their systems. Microsoft, Apple, and Linux all reported that they would be providing patches as soon as possible.
At phoenixNAP, we are also taking steps to ensure our clients’ environments remain safe and communicate the issues.
While currently there are no known exploitations of these vulnerabilities, this is a significant industry-wide issue, and we take it seriously. We have already activated our cross-functional Incident Response (IR) team to review all our systems for potential vectors of exploitation.
Initial analysis shows that our diligent patch management process already deployed or is in the process of deploying the patches necessary to mitigate a large portion of the risk.
We will continue to manually validate this information and the adequacy of these patches to ensure the security of our systems. We are in active contact with our technology vendors, escalating where necessary, to get expedient access to information and patches.
The phoenixNAP team has identified the following major areas of focus:
Cloud Infrastructure
Initial review shows currently available patches necessary to mitigate the impact of this vulnerability were deployed or are currently being deployed across our cloud platform.
We are working closely with our vendors and are investigating the need for any additional patching. Any future patches will be deployed expediently and with no impact on our clients’ workload.
Storage Infrastructure
We are working with our vendors to perform an impact analysis, and identify if further mitigation is required.
As our storage infrastructure is secured, access monitored and restricted, the threat vector is minimal. If we determine that additional mitigating actions are required, we will deploy them with no anticipated impact on our storage infrastructure.
Client Operating Systems
To further minimize the impact on your infrastructure, our teams suggest the following steps:
- Pay particular attention to the systems and operating systems under your control. Updating or patching these operating systems is up to each individual customer.
- Consult with your vendors if you are running any potentially affected operating systems or software to better understand the potential implications.
- Finally, we also verified that Linux distribution repositories hosted by phoenixNAP are already up-to-date and contain the latest versions of the patched kernels.
As members of Infragard, the Arizona Cyber Threat Response Alliance (ACTRA) and the various Information Sharing and Analysis Centers (ISAC)s, we are interfacing with the latest real-time threat intelligence to actively monitor all future developments in this area.
We will be communicating and reacting to any threat vectors as they arise to ensure your platform is safe and secure.
If you have any further questions or concerns, our Support team is available to you 24/7 at +1.855.330.1509 or +1.480.646.5362.
