Zombieload - New Intel CPUs Flaws like Meltdown and Spectre

Intel has published a security advisory regarding the new security flaw that has been found on its CPUs. In total there is four bug which may lead to information disclosure by allowing a malicious process to read data from another process running on the same CPU core, which is possible due to the use of buffers within the CPU core.

The Vulnerabilities allow attackers to gather sample data while switching between processes, then interpret the contents and read data from another process that is executing on the same CPU core.

All the four bugs which are-
  • Microarchitectural Store Buffer Data
    Sampling (MSBDS) - CVE-2018-12126
  • Microarchitectural Load Port Data Samping (MLPDS) - CVE-2018-12127
  • Microarchitectural Fill Buffer Data Sampling (MFBDS) - CVE-2018-12130
  • Microarchitectural Data Sampling Uncacheable Memory (MDSUM) - CVE-2019-11091
Among these, CVE-2018-12130 is reference to the most critical bug named 'ZombieLoad'. The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them.
Worst thing is that, the attack does not only work on personal computers but can also be exploited in the cloud.

Update it! Patch already Released 
Now there is good things is that Intel has already released a patch for these bugs as a Microcode Updates (MCU). All the users using various operating system like Windows, Linux, Mac and BSD are recommended to update their system as soon as they're available for their systems.

Furthermore, Intel has published a list of impacted products here, and you can see the status of available microcode updates here.

Patch Status for Operating System
Intel had more than a year to get this patched, and the company worked with various OS and software vendors to coordinate patches at both the hardware and software level. Both the hardware (Intel CPU microcode updates) and software (OS security updates) protections must be installed at the same time to fully mitigate MDS attacks.

Microsoft have also pushed the update for Windows and Windows Server, but also SQL Serverdatabases.

At this time, only two of Linux distribution Ubuntu and RedHat have pushed the update. 

Apple have also pushed the patch for MDS attacks with the MacOS Mojave 10.14. 5.

Google also made the updates for its several products, which can be found on this help page

Related Posts

Post a Comment

Subscribe Our Newsletter