Deep Dive: Intel Analysis of Microarchitectural Data Sampling

https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling

This technical deep dive expands on the information in the Microarchitectural Data Sampling (MDS) guidance.

Be sure to review the disclosure overview for software developers first and apply any microcode updates from your OS vendor.
Apple, Amazon, Google, Microsoft and Mozilla release patches for ZombieLoad chip flaws
https://techcrunch.com/2019/05/14/intel-chip-flaws-patches-released/
Intel MDS Vulnerabilities: What You Need to Know
https://www.securityweek.com/intel-mds-vulnerabilities-what-you-need-know
New security flaws have been found in Intel chips—this is what you need to do right now – MIT Technology Review
https://www.technologyreview.com/f/613537/new-security-flaws-have-been-found-in-intel-chipsthis-is-what-you-need-to-do-right-now/

Download this security patch now if your PC is powered by Intel
https://www.digitaltrends.com/computing/intel-mds-security-patch/

MDS was discovered by a wide range of researchers.

“Academics have discovered four such MDS attacks, targeting store buffers (CVE-2018-12126 aka Fallout), load buffers (CVE-2018-12127), line fill buffers (CVE-2018-12130, aka the Zombieload attack, or RIDL), and uncacheable memory (CVE-2019-11091) — with Zombieload being the most dangerous of all because it can retrieve more information than the others,” ZDNet reported.

New Intel security flaws could slow some chips by nearly 20%
https://www.reuters.com/article/us-intel-cyber/new-intel-security-flaws-could-slow-some-chips-by-nearly-20-idUSKCN1SK2OD?feedType=RSS&feedName=technologyNews&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+reuters%2FtechnologyNews+%28Reuters+Technology+News%29

New secret-spilling flaw affects almost every Intel chip since 2011
https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
Like Meltdown and Spectre, it’s not just PCs and laptops affected by ZombieLoad — the cloud is also vulnerable. ZombieLoad can be triggered in virtual machines, which are meant to be isolated from other virtual systems and their host device.

Computer makers Apple and Microsoft and browser makers Google have released patches, with other companies expected to follow.

Intel’s technical note on the issue

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

0 Comments

Be the first to post a comment.

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*