Security researchers at Intel and in the wider tech industry have found a new species of vulnerability in Intel chips.
Collectively called Microarchitectural Data Sampling (MDS), the vulnerability is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques.
Under certain conditions, MDS provides a program that potentially means you can read data that the program otherwise would not be able to see.
It’s worth noting that practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.
MDS is also being termed ‘ZombieLoad‘ as your processor resurrects your private browsing history and other sensitive data.
Almost every computer with Intel chips dating back to 2011 is affected. But AMD and ARM chips are not thought to be vulnerable.
Our experts are currently testing the impact of applying any patches and updates, which should cause minimal disruption to normal services. We’re constantly keeping our eye on the latest updates from Intel and the industry so that we can protect our customers as much as possible.
If there are any steps that require our customers’ involvement, we’ll contact you directly.
Here are some things you can do right now to safeguard your infrastructure:
Microsoft’s security advisory information can be found here.
For our RHEL and CentOS clients the advisory is:
For Ubuntu clients please see information here.
If your device is using an Intel CPU that is not after generation 8 or 9, it’s likely to be at risk. Over the coming weeks, all vendors, developers and manufacturers should be issuing updates to protect your devices from any issues.
The bugs are thought to be akin to Meltdown and Spectre, which exploited a weakness in speculative execution.