Previous All Posts Next

Intel Zombieland Fix Threatens Processor Performance

Posted: May 9, 2019 to Cybersecurity.

Tags: Data Breach, Malware, Cloud Security

"Zombieload" vulnerabilities of the microarchitectural data sampling (MDS) variety have been discovered by researchers Michael Schwarz, Moritz Lipp, and Daniel Gruss at Graz University of Technology in Austria, as well as Jo Van Bulk at Belgium's KU Leuven. These latest flaws in Intel processors can be utilized by attackers to steal private data from PCs and servers, cloud environments, and virtual machines. Researchers say that any Intel Core or Xeon CPU released after 2011 is vulnerable. "ZombieLoad is a novel category of side-channel attacks," said the researchers in their blog post, "which we refer to as data-sampling attack. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys." The four vulnerabilities that comprise ZombieLoad are: CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS) CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) Red Hat released a security alert that warns the flaw is particularly dangerous on public clouds running untrusted workloads in shared-tenancy environments, and the flaw applies to users of Andoird, Chrome, iOS, Linux, MacOS, and Windows operating systems. While the Intel patches released help prevent the vulnerabilities from being exploited, the only way to truly block an attack is to disable hyperthreading. Unfortunately, disabling hyperthreading may reduce processor performance by up to 9 percent, particularly in some cloud environments. "Some current processors and future processors will have microarchitectural data sampling methods mitigated in the hardware," Intel says. "For processors that are affected, the mitigation for microarchitectural data sampling issues includes overwriting store buffers, fill buffers, and load ports before transitioning to possibly less-privileged code." Whether Zombieland vulnerabilities have been utilized in the wild is not known. Amazon and Google have already applied patches to their cloud environments. Apple included the fixes as part of their Mojave and Safari updates.

Related Articles

Joplin vs. Obsidian: Which Note-Taking App Fits Your Workflow? Joplin vs. Obsidian: Which Note-Taking App Fits Your Workflow? Contested Intelligence Contested Intelligence MLX + Exo: Unlocking Apple Silicon’s ML Performance MLX + Exo: Unlocking Apple Silicon’s ML Performance The Enterprise Copilot Blueprint: Secure Architecture, Real ROI The Enterprise Copilot Blueprint: Secure Architecture, Real ROI
Craig Petronella
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.

LinkedIn Twitter About
Related Service
Protect Your Business with Our Cybersecurity Services

Our proprietary 39-layer ZeroHack cybersecurity stack defends your organization 24/7.

Explore Cybersecurity Services
Previous All Posts Next