ZombieLoad: Watch your step, the (Intel) chips are down

A new batch of computer chip vulnerabilities are hitting the same areas as the Meltdown and Spectre flaws from 2018. Using these vulnerabilities enables cyber-criminals to access data that is being processed by the Intel CPUs. Researchers have used this vulnerability to uncover what websites a person was visiting – even when the person was using the secure TOR browser. It’s not just your personal data on the device that could be eavesdropped on due to this vulnerability, it can also be exploited in the cloud.

According to the report by the vulnerability discoverers, the most susceptible hardware is believed to be Intel CPU chips manufactured after 2011.

No time to speculate

Spectre-like attacks take advantage of a CPU feature called speculative execution. This is a feature that should help to speed up performances by using idle processor resources to do some work before it is known whether it is actually needed or not. A malicious use of this vulnerability can tap the data being processed by other running programs. These secrets can be as simple as browser history and passwords, or become more complex such as disk encryption keys.

Researchers have found four different types of these attacks and labeled them with an alphabet soup assortment of code names. Of the four, the Zombieload is considered the most dangerous

Fixing these issues requires more work than the typical update. It takes changes to both the microcode for the CPU hardware and also changes for the operating system of the device itself. Most OS developers including Microsoft have released their patches today. On the CPU side, Intel has already sent the microcode updates to the developers of motherboards and OEM firmware vendors. However, the end users will only get them in a future bundle of OEM firmware updates.

Take the PowerShell challenge

To make sure the patch has been applied, Microsoft has updated a PowerShell script earlier developed for Spectre for this newest round of vulnerabilities. Go here for complete directions on how to use it.

 

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.