A year and a half after the words “Meltdown” and “Spectre” entered the cybersecurity vernacular, chip maker Intel has disclosed another major vulnerability affecting a significant number of its CPUs. Here’s Wired:
Today Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel’s chips. It’s four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data from a computer’s CPU to an attacker.
It’s become fashionable in cybersecurity circles for exploits and vulnerabilities to be given names (think Heartbleed and WannaCry). The attacks disclosed today by Intel have been given the names ZombieLoad, Fallout, and RIDL, or Rogue In-Flight Data Load by researchers.
Intel, meanwhile, came up with a much duller name to describe the vulnerability: Microarchitectural Data Sampling, or MDS, which would fit well into a paragraph loaded with other corporate mumbo-jumbo.
How do the attacks work? Here’s an explanation from the researchers:
The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites. Our attacks leak data by exploiting the newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs.
Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to obtain sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.
Intel’s newest CPUs don’t suffer from MDS vulnerabilities, but most Intel CPUs made since 2008 do. Chips made by ARM and AMD are not affected.
The researchers recommend disabling Intel® Hyper-Threading Technology to mitigate the vulnerabilities. However, hyper-threading is a crucial chip technology underpinning the use of virtual machines on systems in datacenters around the world. It can’t be disabled without a cost.
If you’re wondering whether a desktop or notebook computer you have is vulnerable, the researchers have provided a pair of software utilities for Windows and GNU/Linux machines which can tell you.
Apple has released an update to macOS Mojave to push microcode fixes to affected Macs. If you own a Mac, update to macOS Mojave 10.14.5 now.
Microsoft also took the rare step today of releasing patches to several very old versions of Windows to patch a different critical vulnerability affecting remote desktop services. More information is available here.
Now is a very good time to install updates to your operating system!