
Microarchitecture Data Sampling (MDS) – Zombieload


Vulnerability

We are following the news of recently published vulnerabilities in Intel CPU architectures. These vulnerabilities are known as microarchitecture data sampling (MDS) flaws, with implementations variously called Zombieload, RIDL, and Fallout. They are related to the previously published Spectre and Meltdown flaws.

The weaknesses appear to impact only computer systems using modern CPUs produced by Intel, primarily used in laptop, desktop and server platforms. Therefore, your mobile phones, tablets, smart-watches and computing platforms that use CPUs manufactured by other vendors are not directly affected. However, caution should be exercised, as many synchronization, update and backup activities may rely on general-purpose desktop computing platforms powered by Intel.

The flaws are exploited by attackers who are able to run code on target systems. This code might be introduced by common methods including previous system compromise, email attachments, or links to compromised sites. There are no published reports of this method of compromise noted in the wild as of yet.

Preventing Compromise

Operating system vendors Microsoft, Apple and Google are already releasing patches to help prevent exploitation using these methods. Ensuring your systems are updated and patched as the fixes are made available is the best first step. Also, continue to follow best-practice cyber hygiene policies:

  • run only approved and trusted applications
  • avoid personal activities on business systems
  • follow anti-phishing and anti-malware operating procedures
  • do not allow execution of email attachments
  • visit only trusted web sites and URLs
  • employ anti-virus and malware protection
  • monitor systems and traffic for malicious behaviors
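
To confirm that the patches described above are actually in effect on a Linux host, the kernel's own MDS status line can be read and classified. This is an added example, not part of the original post; it assumes a Linux kernel that exposes the sysfs file shown, and the verdict labels (OK, PARTIAL, VULNERABLE, UNKNOWN) are this example's own.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS mitigation status line.
# Assumption: the kernel exposes this sysfs file (path can be overridden).
MDS_FILE="${MDS_FILE:-/sys/devices/system/cpu/vulnerabilities/mds}"

# classify_mds STATUS -> prints OK, PARTIAL, VULNERABLE or UNKNOWN
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo OK ;;
        "Mitigation:"*"SMT vulnerable"*|"Mitigation:"*"SMT Host state unknown"*)
            # CPU buffers are cleared, but hyperthread siblings remain exposed.
            echo PARTIAL ;;
        "Mitigation:"*)
            echo OK ;;
        "Vulnerable"*)
            # Includes "Clear CPU buffers attempted, no microcode":
            # the OS patch is present but the microcode update is missing.
            echo VULNERABLE ;;
        *)
            echo UNKNOWN ;;
    esac
}

# check_mds_host: read the status file and print "<verdict>: <raw status>".
check_mds_host() {
    if [ -r "$MDS_FILE" ]; then
        status=$(cat "$MDS_FILE")
    else
        status="(MDS status file not found)"
    fi
    echo "$(classify_mds "$status"): $status"
}

check_mds_host
```

A VULNERABLE or PARTIAL verdict on a patched system usually means the operating system update is installed but the CPU microcode update or an SMT decision is still outstanding.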

For customers using cloud services, Microsoft has already announced that their Azure services have been patched to address the issue. The other major cloud providers are expected to announce similar updates.

We will continue to monitor these important developments to help ensure our customers, systems and information remain protected.

With over 30 years of experience, Daniel Bjorklund is a dedicated information security practitioner and innovator. He serves as a principal at Assured Bridge, helping to mature and guide compliance-as-a-service and managed security service provider operations. Dan is also Chief Technologist at Sabine Solutions - a defense contractor, and owns a small cybersecurity consulting firm: Community Cyber. He is active in the startup and entrepreneurial communities in the Augusta, GA area, helping set firm cybersecurity foundations for new companies and efforts.

Dan is a current CISSP and holds a Master of Science degree in Information Assurance and Security and a Bachelor of Science degree in information technology. When not hunched in front of a computer, Dan can often be found above 3000 feet avoiding highway traffic, flying his airplane as a licensed pilot. He and his wife enjoy outdoor activities, biking, fishing and sightseeing in the Southeastern United States.