
Microarchitecture Data Sampling (MDS) – Zombieload

Vulnerability

We are following the news of recently published vulnerabilities in Intel CPU architectures. These vulnerabilities are known as microarchitecture data sampling (MDS) flaws, with implementations variously called Zombieload, RIDL, and Fallout. They are related to the previously published Spectre and Meltdown flaws.

The weaknesses appear to impact only computer systems using modern CPUs produced by Intel, which are primarily used in laptop, desktop and server platforms. Therefore, your mobile phones, tablets, smart-watches and computing platforms that use CPUs manufactured by other vendors are not directly affected. However, caution should be exercised, as many synchronization, update and backup activities may rely on general-purpose desktop computing platforms powered by Intel.

The flaws are exploited by attackers who are able to run code on target systems. This code might be introduced by common methods including previous system compromise, email attachments, or links to compromised sites. There are no published reports of this method of compromise noted in the wild as of yet.

Preventing Compromise

Operating system vendors Microsoft, Apple and Google are already releasing patches to help prevent exploitation using these methods. Ensuring your systems are updated and patched as the fixes are made available is the best first step. Also, continue to follow best-practice cyber hygiene policies:

  • run only approved and trusted applications
  • avoid personal activities on business systems
  • follow anti-phishing and anti-malware operating procedures
  • do not allow execution of email attachments
  • visit only trusted web sites and URLs
  • employ anti-virus and malware protection
  • monitor systems and traffic for malicious behaviors
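
One way to confirm on a Linux host that the MDS fixes are actually in effect, rather than only installed, is to read the status line the kernel reports. This is an added example, not part of the original post; it assumes a Linux kernel that exposes /sys/devices/system/cpu/vulnerabilities/mds, and the function names and verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's MDS status line.
# Function names and verdict labels are illustrative, not a standard tool.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# mds_verdict STATUS -> prints one of:
#   not-affected | mitigated | mitigated-check-smt | needs-microcode
#   | vulnerable | unknown
mds_verdict() {
    status=$1
    case $status in
        "Not affected"*)
            echo not-affected ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active, but sibling hyperthreads can still
            # share CPU buffers unless SMT is off or reported as mitigated.
            case $status in
                *"SMT vulnerable"*|*"SMT Host state unknown"*)
                    echo mitigated-check-smt ;;
                *)  echo mitigated ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU microcode update is missing.
            echo needs-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        *)
            echo unknown ;;
    esac
}

# mds_check_host -> reads the live status; returns 0 only if fully covered.
mds_check_host() {
    if [ ! -r "$MDS_SYSFS" ]; then
        echo "unknown: $MDS_SYSFS not present (unpatched kernel or not Linux)"
        return 2
    fi
    line=$(cat "$MDS_SYSFS")
    verdict=$(mds_verdict "$line")
    echo "$verdict: $line"
    case $verdict in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

# Run the live check only when invoked as: sh mds_check.sh --check
if [ "${1:-}" = "--check" ]; then mds_check_host; fi
```

A `needs-microcode` result means the operating system patch is present but the processor firmware update still has to be applied before the mitigation is complete.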

For customers using cloud services, Microsoft has already announced that their Azure services have been patched to address the issue. The other major cloud providers are expected to announce similar updates.

We will continue to monitor these important developments to help ensure our customers, systems and information remain protected.

Certified Information System Security Professional Daniel Bjorklund is the information assurance and cybersecurity subject matter expert for Assured Bridge LLC, a company specializing in cybersecurity compliance solutions. With over 20 years’ experience in U.S. military intelligence and security operations, plus significant involvement in government, commercial and private sector cybersecurity initiatives, Dan has comprehensive knowledge of today’s rapidly-evolving cyber-dependent world. A recently-licensed pilot and amateur radio operator, Dan lives with his wife in South Carolina.
Dan can be found on LinkedIn (https://www.linkedin.com/in/dbjorklundcissp/) and Twitter (https://twitter.com/IASE_at_large)