8669828892?profile=original

New CPU Vulnerabilities Discovered

RIDL/ZombieLoad and L1DES/CacheOut are just the latest variants of vulnerabilities discovered in Intel CPU’s that target Micro-architectural Data Sampling (MDS) weaknesses. Discovered over 7 months ago, researchers responsibly informed Intel, and kept the information confidential at Intel’s request, to give the CPU maker time to prepare patches. Reports indicate that Intel is still working on fixes, but may have another patch(s) ready very soon to protect their products.

Hacking hardware, like the Central Processing Unit (CPU) is especially problematic for security as such vulnerabilities reside below the operating system and typically outside the view of cybersecurity products. It can take much longer than software flaws to develop, test, and deploy.  Additionally, patching hardware with new microcode is especially difficult as it can have serious repercussions to the system.  In the past, customers complained about unacceptable performance impacts with previous security fixes, and researchers complained that some of the mitigations were insufficient, resulting in customers remaining vulnerable.

 

Wired magazine did a great write-up: https://www.wired.com/story/intel-zombieload-third-patch-speculative-execution/

E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)