San Francisco/New Delhi, Jan 4: Global tech firms on Thursday rushed to fix flaws that hackers can exploit to steal sensitive data from computing devices amid reports that there are two potential security bugs in Intel and other chip vendors’ products.
Microsoft on Thursday issued emergency updates to supported versions of Windows. Amazon and Google were reportedly working on security updates to their Cloud services and other products.
“We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers,” Microsoft said in a statement to The Verge.
“We are in the process of deploying mitigations to Cloud services and have also released security updates to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD,” the company added.
Intel said it was working with many other technology companies such as AMD, ARM Holdings and several operating system vendors to develop an industry-wide approach to resolve this issue “promptly and constructively”.
Intel said the vulnerability, discovered by British tech website The Register, was not unique to Intel products, Xinhua news agency reported.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect. Based on the analysis to date, many types of computing devices — with many different vendors’ processors and operating systems – are susceptible to these exploits,” Intel said in a statement.
“Intel has begun providing software and firmware updates to mitigate these exploits,” the chip maker added.
Meanwhile, cyber security experts advised enterprises running businesses on Cloud to install available security patches without delay.
There are two major security flaws in chips. One, called “Meltdown”, impacts only Intel chips, while the other, called “Spectre”, affects all chips including ARM and AMD.
“As these are hardware bugs, patching is a significant job. Patches against ‘Meltdown’ have been issued for Linux, Windows and OS X and work is underway to strengthen software against future exploitation of ‘Spectre,’” said Senior Security Researchers Ido Naor and Jornt van der Wiel from Kaspersky Lab’s Global Research and Analysis Team (GReAT).
Intel has a tool people can use to check if their systems are vulnerable to the bugs.
“It is vital that users install any available patches without delay. It will take time for attackers to figure out how to exploit the vulnerabilities — providing a small but critical window for protection,” the experts advised.
“This issue represents a higher risk in Cloud environments because it would be easy to create an AWS or Microsoft Azure account, start a new instance and then run the exploit to dump memory of the server which would be hosting many other instances of other customers,” said K.K. Mookhey, CEO and Founder of Network Intelligence, a cyber security consulting firm.