Intel announced Tuesday that it has discovered a new batch of vulnerabilities exploiting design flaws in its chips and released software patches that could impact storage-related workloads in data centers.
Like the Spectre and Meltdown vulnerabilities first disclosed in early 2018, the new batch takes advantage of side-channel vulnerabilities in the way Intel processors attempt to predict the next instruction they will have to execute. Unlike Spectre and Meltdown, chips from AMD and Arm are not affected by this newest group of vulnerabilities, which Intel is calling Microarchitectural Data Sampling and which some researchers are calling CPU.Fail.
Some of Intel’s newest Xeon chips contain hardware features that protect against attacks using these vulnerabilities, but servers using older chips will need to install software updates to mitigate the fallout. Those patches could impact storage-related workloads by up to nine percent if those chips are using Intel’s Hyperthreading technology, Intel said in a release.
Most likely, cloud customers won’t have to do anything, as was the case back in January 2018. Amazon Web Services said that all of its EC2 computing services have been updated with the mitigations recommended by Intel, and Microsoft released patches for Windows Server customers while assuring Azure customers that the systems running their workloads had been updated.
PC users are also affected by these new vulnerabilities and will need to patch their systems, but most users probably won’t notice any performance impact.
Eventually, Intel plans to redesign all of its processors in order to bypass these vulnerabilities, which are extra scary because it’s almost impossible to know whether or not sensitive data has been accessed, or if an attack occurred at all. Cloud providers upgrade their equipment at a pretty regular clip, but there are lots of sensitive workloads still running inside self-managed data centers on older equipment that will take years to cycle out.
[Editor’s note: This post was updated with additional information on Microsoft’s response to the new vulnerabilities.]