The dangerous Intel MDS processor problem called ZombieLoad has a second variant, and newer processor models are vulnerable to it.
In May of this year, researchers revealed information about a new class of vulnerabilities in Intel processors: Microarchitectural Data Sampling (MDS). Like the Spectre and Meltdown vulnerabilities, the new bugs turned out to be associated with the speculative execution mechanism. At that time, the experts identified four vulnerabilities and three groups of problems: RIDL, Fallout and ZombieLoad.
All these bugs allow an attacker to steal passwords, cryptographic keys and other personal data loaded into or stored in the processor's buffers.
As Graz University of Technology experts have now found, ZombieLoad, the most dangerous of the problems found earlier, has a second variant (CVE-2019-11135), which poses a threat to newer Intel processors, including Cascade Lake. Previously, experts believed that these processors were not susceptible to such attacks, as they are protected at the hardware level.
“We present a new variant of ZombieLoad that enables the attack on CPUs that include hardware mitigations against MDS in silicon. With Variant 2 (TAA), data can still be leaked on microarchitectures like Cascade Lake where other MDS attacks like RIDL or Fallout are not possible. Furthermore, we show that the software-based mitigations in combinations with microcode updates presented as countermeasures against MDS attacks are not sufficient,” write researchers from Graz University of Technology.
As part of the November update Tuesday, Intel engineers released microcode updates that fix the ZombieLoad 2 problem.
In the spring of this year, the experts kept quiet about the existence of CVE-2019-11135, since Intel developers were not yet ready to issue patches. Now the researchers say that the second ZombieLoad variant relies on Intel Transactional Synchronization Extensions (TSX) technology and the asynchronous abort of a transaction.
In fact, an attacker could use malicious code to create a conflict between read operations inside the CPU. As a result, data processed by the processor may leak. The researchers write that the attack even works against machines with hardware fixes for the Meltdown vulnerability (in particular, the i9-9900K and Xeon Gold 5218 were tested).
The only prerequisite for the attack is Intel TSX support, which is available by default in all Intel processors manufactured after 2013 (Haswell processors were the first to support TSX).
Intel representatives not only published updated microcode, but also hastened to assure that ZombieLoad 2 is not as dangerous as it might seem.
“The fact is that all MDS attacks allow malicious code to be executed on Intel processors, but attackers cannot control what data they extract,” Intel engineers report.
In fact, Intel experts claim that criminals have other, much simpler ways and means to steal data from targets.
Since patches for speculative attacks usually lead to a potential drop in system performance, many users may not want to install the next update. In this case, Intel recommends disabling TSX support if it is not absolutely necessary.
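To check whether a given machine still meets the attack's prerequisite (TSX enabled) and what the operating system reports about CVE-2019-11135, the following added example (not code from the researchers or Intel) classifies a host's state. It assumes a Linux host whose kernel exposes the `tsx_async_abort` sysfs entry and the `hle`/`rtm` flags in `/proc/cpuinfo`; the verdict labels and sample inputs are constructed for illustration.

```python
from pathlib import Path

# Linux reports TAA status here on kernels that know about CVE-2019-11135.
SYSFS_TAA = Path("/sys/devices/system/cpu/vulnerabilities/tsx_async_abort")
CPUINFO = Path("/proc/cpuinfo")


def tsx_flags(cpuinfo_text):
    """Return the TSX feature flags (hle, rtm) listed in /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return sorted({"hle", "rtm"} & set(value.split()))
    return []


def assess(cpuinfo_text, sysfs_status):
    """Classify TAA exposure; sysfs_status is None when the sysfs file is absent."""
    flags = tsx_flags(cpuinfo_text)
    status = (sysfs_status or "").strip()
    if status == "Not affected":
        return "not-affected"
    if status.startswith("Mitigation"):
        # Buffer clearing does not cover a sibling hyperthread unless SMT is off.
        return "mitigated-smt-exposed" if "SMT vulnerable" in status else "mitigated"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    # No kernel verdict: fall back on the attack's prerequisite, TSX support.
    return "unknown-tsx-enabled" if flags else "unknown-no-tsx"


# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO_TSX = "processor : 0\nflags : fpu vme avx2 hle rtm md_clear\n"
SAMPLE_CPUINFO_NO_TSX = "processor : 0\nflags : fpu vme avx2 md_clear\n"

if __name__ == "__main__":
    cpuinfo = CPUINFO.read_text() if CPUINFO.exists() else SAMPLE_CPUINFO_TSX
    status = SYSFS_TAA.read_text() if SYSFS_TAA.exists() else None
    print("TSX flags:", tsx_flags(cpuinfo) or "none")
    print("kernel status:", (status or "not reported").strip())
    print("verdict:", assess(cpuinfo, status))
```

An `unknown-tsx-enabled` verdict means the kernel predates TAA reporting while TSX is still exposed, so both a kernel and a microcode update should be scheduled before relying on any other result.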