Intel RIDL, Fallout & ZombieLoad what it is and what i can do

Four new vulnerabilities have been identified in Intel processors and can be exploited via side-channel attacks. The vulnerabilities have been named RIDL, and ZombieLoad.

Intel RIDL, Fallout & ZombieLoad

These vulnerabilities allow attackers to steal passwords s, encryption keys, or any other type of data that is loaded or stored in the CPU's buffer memory.

The vulnerabilities are categorized as Microarchitectural Data Sampling (MDS) and are identified by the following four CVEs:

  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

The researchers who announced the vulnerabilities, in addition to baptizing them (sic), also created two different websites, from which you can read more:

You should be aware that all repair solutions currently available are only mitigations and do not completely fix vulnerabilities. To fully resolve these vulnerabilities, all vendors state that you should disable hyper-threading, which will affect your computer.

Official MDS Advisories, Patches, or Updates:

 

Performance impact of disabling hyper-threading

Microsoft

Unfortunately no microcode updates are available for the following versions of Windows (and for Windows 10 version 1809, which will be released later):

  • Windows 10 Version 1803 for x64-based Systems
  • Windows , version 1803 (Server Installation)
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core Installation)

________________

_________________________

iGuRu.gr The Best Technology Site in Greeceggns

Get the best viral stories straight into your inbox!















Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).