Meltdown and Spectre As It Pertains to the Cloud

Zachary Hill
Jan 4, 2018 · 2 min read

Yesterday information began to trickle out about the Meltdown and Spectre vulnerabilities. At ThinkStack we were speculating about the impact. This is the scariest vulnerability to date. But because it was so scary the reaction has largely been a swift reaction. In cases such as this, a vulnerability which spans many systems, the vulnerability is kept quiet for some time while all parties resolve the issue. Publicity on vulnerabilities like this often just allows the bad people an opportunity to exploit it before protections are in place.

The Good News

Intel, AMD, ARM, and all cloud providers were already notified of this issue back in June of 2017. This has allowed them ample time to resolve the vulnerability on their respective platforms.

As of 1/4/2018 all cloud platforms are reporting that they have resolved the vulnerability. Azure and AWS were both completing the final few percentages of affected systems the evening of 1/3/2018.

The Bad News

Microsoft, Android, Linux, and Unix are all pushing out patches to both server and workstation operating systems. This will take some time for those to propagate throughout the ecosystem. It’s very important to apply these patches as soon as possible. It’s important to note that even though the cloud subsystems are protected, the operating systems themselves still have vulnerabilities which are addressed in patches. Our recommendation is to run updates many times throughout the next two weeks. This should occur on all servers and workstations as the vulnerabilities are patched and as bugs are squashed.

The Ugly News

These issues have been in the wild now for many years, in the case of Spectre two decades. Researchers have yet to see a live implementation of the vulnerability, however, that doesn’t mean there haven’t been instances of exploitation. The fixes to ‘Meltdown’ may result in up to a 30% decrease in performance. Since the issue has been patched you’ve already been seeing the performance hit within each of the clouds. Amazon and Microsoft have both stated they have optimized around the issue to minimize the impact.

The technical world will be feeling the impact of this issue for years to come until the physical CPUs are replaced organically.

For further information please see the amazingly well written article at: https://meltdownattack.com/

Think|Stack

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store