More Challenges for Intel Hardware Product Security

New CPU Vulnerabilities Discovered

RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers responsibly informed Intel, and kept the information confidential at Intel’s request, to give the CPU maker time to prepare patches. Reports indicate that Intel is still working on fixes, but may have another patch(s) ready very soon to protect their products.

Hacking hardware, like the Central Processing Unit (CPU) is especially problematic for security as such vulnerabilities reside below the operating system and typically outside the view of cybersecurity products. It can take much longer than software flaws to develop, test, and deploy.  Additionally, patching hardware with new microcode is especially difficult as it can have serious repercussions to the system.  In the past, customers complained about unacceptable performance impacts with previous security fixes, and researchers complained that some of the mitigations were insufficient, resulting in customers remaining vulnerable.

 

Wired magazine did a great write-up: https://www.wired.com/story/intel-zombieload-third-patch-speculativ...

Views: 13

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service