Patch fast to avoid chip security flaw if on Cloud: Experts

With chip giant Intel confirming a potential security flaw in its chips that is vulnerable to hacking, cyber security experts on Thursday advised enterprises running businesses on Cloud to install available security patches without delay.

Computer security experts have discovered two major security flaws in chips. One is called "Meltdown" that impacts only Intel chips while the other called "Spectre" affects all chips, including ARM and AMD.

It's a fairly major vulnerability and allows a malware to read memory of other processes.

"As they are hardware bugs, patching is a significant job. Patches against 'Meltdown' have been issued for Linux, Windows and OS X and work is underway to strengthen software against future exploitation of 'Spectre,'" said Senior Security Researchers Ido Naor and Jornt van der Wiel from Kaspersky Lab's Global Research and Analysis Team (GreAT).

Intel has a tool people can use to check if their systems are vulnerable to the bugs.

"It is vital that users install any available patches without delay. It will take time for attackers to figure out how to exploit the vulnerabilities -- providing a small but critical window for protection," the experts advised.

Microsoft on Thursday issued emergency updates to supported versions of Windows.

Intel said it was working with its tech partners such as AMD, ARM Holdings and several operating system vendors to develop an industry-wide approach to resolve this issue "promptly and constructively".

"This issue represents a higher risk in Cloud environments because it would be easy to create an AWS or Microsoft Azure account, start a new instance and then run the exploit to dump memory of the server which would be hosting many other instances of other customers," said K.K. Mookhey, CEO and Founder of Network Intelligence, a cyber security consulting firm.

Patches from most major software manufacturers have become available for "Meltdown". Most Cloud service providers have also rolled out patches and issued advisories.

"For the enterprise customers who are not on the Cloud, this issue isn't going to bring the skies crashing down as it's not remotely exploitable. So launching the attack would first require compromising the network and systems using some other means of attack," Mookhey noted.



(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

Dear Reader,

Business Standard has always strived hard to provide up-to-date information and commentary on developments that are of interest to you and have wider political and economic implications for the country and the world. Your encouragement and constant feedback on how to improve our offering have only made our resolve and commitment to these ideals stronger. Even during these difficult times arising out of Covid-19, we continue to remain committed to keeping you informed and updated with credible news, authoritative views and incisive commentary on topical issues of relevance.

We, however, have a request.

As we battle the economic impact of the pandemic, we need your support even more, so that we can continue to offer you more quality content. Our subscription model has seen an encouraging response from many of you, who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of offering you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practise the journalism to which we are committed.

Support quality journalism and subscribe to Business Standard.

Digital Editor

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel