SIMonline

Service receive & sending SMS

Intel MDS Vulnerabilities: What You Need to Know

323   |     /   Security

Intel MDS Vulnerabilities: What You Need to Know
Tech giants have posted security recommendations and blog posts in response to Microarchitectural Data Sampling (MDS) vulnerabilities affecting most Intel processors released in the last decade.



Our service of virtual numbers for receiving SMS will keep your personal phone number safe when confirming your Vkontakte account.

Vulnerabilities are associated with speculative execution and can be used to attack side channels. Researchers began reporting bugs at Intel in June 2018, but the chip maker said their own researchers were the first to find them. However, in addition to its own employees, Intel has credited researchers from several universities and companies for security holes.

Researchers have named new attack methods: ZombieLoad, RIDL (Rogue In-Flight Load Data), Fallout, and Store-to-Leak Forwarding. Intel Corporation assigned the following names and CVEs: microarchitecture fill buffer data sample (MFBDS, CVE-2018-12130), microarchitectural storage buffer data sample (MSBDS, CVE-2018-12126), microarchitecture download port data sample (MLPDS, CVE-2018 –12127) And microarchitectural selective memory without data caching (MDSUM, CVE-2018-11091).

Attack methods pose a threat to both PC and cloud environments, and allow hackers to leak information about applications, operating system, virtual machines and trusted runtimes, including passwords, website content, disk encryption keys and browser history. Attacks can be launched both by malware present in the target system, and from the Internet.

However, Intel says that exploiting a real attack is not an easy task, and an attacker may not be able to obtain valuable information, even if the exploit is successful.

The flaws affect the products of several large technology companies, and most of them have already posted blog posts and recommendations containing information about their impact and the availability of corrections.

Intel
Intel claims that its new products, such as multiple 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address these hardware-level vulnerabilities. Some of the other affected products have received or will receive microcode updates that should address the shortcomings. The company has published a technical deep dive and a list that users can check to see if their processors will receive microcode updates.

Intel says risk mitigation should have a minimal impact on performance for most PCs, but it can affect performance in the event of data center workloads.

Disabling hyperthreading on vulnerable processors should prevent exploitation of vulnerabilities.

Apple
Apple told customers that MacOS Mojave 10.14.5 and Security Update 2019-003 for Sierra and High Sierra include an option to completely eliminate MDS attacks. Mojave 10.14.5 also includes a Safari update that should prevent Internet exploitation.

Microsoft
Microsoft began releasing software updates for Windows and introduced server-side patches into its cloud services to address vulnerabilities. The company noted that in addition to software updates, firmware updates are also needed to fully protect against attacks.

Microsoft has also released a PowerShell script that users can run on their systems to check for speculative performance degradation.

Google
Google has made available a page where users are informed of the actions they need to take depending on the products they have. The Internet giant claims its infrastructure, products and services G Suite and the Google Cloud Platform are protected from attacks, but some cloud users may need to take action.

The company says the vast majority of Android devices are unaffected. For Chrome OS devices, Google turned off hyperthreading by default starting with version 74, and additional changes will be available in Chrome OS 75.

VMware
VMware informed users that vulnerabilities affect its VMware vCenter Server, vSphere ESXi, workstation, Fusion, vCloud usage meter, Identity Manager, vCenter Server, vSphere Data Protection, vSphere integrated containers and vRealize Automation products.

The company provides hypervisor-specific guest mitigation measures and products for victims. These measures include software updates and fixes from VMware.

VMware indicated that exploiting the flaws requires local access to the target virtual machine and the ability to execute code.

Ibm
IBM says it is introducing Intel microcode updates and mitigating its cloud services. The company told users that its POWER processors are not affected by the MDS vulnerability.

Citrix
Citrix says Intel's full vulnerability fix includes Citrix hypervisor updates and CPU microcode updates. The company has released a fix for XenServer 7.1, which includes updates to both the hypervisor and CPU firmware, and plans to release similar fixes for other vulnerable products.

Oracle
The Oracle blog talks about the impact of flaws on the company's hardware, operating systems, and cloud services. X86-based systems must be evaluated by administrators, and Oracle Engineered Systems customers will receive specific recommendations from the company.

This does not affect Oracle SPARC and Solaris servers on SPARC, but it does affect Solaris on x86 systems. Oracle has released patches for Oracle Linux and VM Server products.

Aws
Amazon Web Services (AWS) said it has implemented protection against MDS attacks across its entire infrastructure and requires no action from users. The company has released updated kernels and microcode packages for Amazon Linux AMI 2018.3 and Amazon Linux 2.

Xen project
The Xen project says systems running on all versions of Xen are vulnerable if they use Intel x86 processors.

Linux distributions
Recommendations for MDS vulnerabilities in Intel processors were published by the Linux, Red Hat, Debian, Ubuntu, and SUSE kernel developers. Linux distributions have already begun releasing updates that should fix the flaws.

Equipment manufacturers
Many hardware manufacturers whose products use Intel processors are likely to be affected by the ZombieLoad and RIDL vulnerabilities. However, so far only Lenovo and HP have apparently begun to release firmware patches for their devices.


Similar news


Microsoft Windows XP 2019 Update

Microsoft has issued a warning about a very dangerous flaw that exists in older versions of Windows. Vulnerability can lead to the emergence of new self-propagating malware that strikingly resembles the infamous WannaCry, which damaged systems around the world in 2017.

Vulnerability of GE Power Meter

GE Communicator software has several vulnerabilities, including hardcoded credentials and privilege escalation deficiencies, ICS-CERT reported.

Hundreds of Git Vaults Have Been Hacked

Cybercriminals erase the repositories of GitHub, GitLab and Bitbucket and ask their owners to pay a ransom for data recovery. Vulnerable Git service providers believe that cybercriminals used compromised credentials to access their accounts.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved