A Security Cause to Pause: The Microarchitectural Data Sampling (MDS) Vulnerability

A new group of Intel vulnerabilities, collectively called Microarchitectural Data Sampling (MDS), was disclosed last week. The vulnerabilities allow attackers to steal data as processes run on most machines using Intel chips. They affect nearly every Intel processor released in the past decade and may be especially dangerous in multi-user environments like virtualized servers in data centers.

Three industry updates on the Intel Microarchitectural Data Sampling (MDS) group of vulnerabilities.

Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading

An extract from an article by Joab Jackson

Last year, when the news of the Spectre processor vulnerability first surfaced, observers warned that it would probably be the first of other possible flaws found in the speculative execution of Intel (and other) processors. On Tuesday [May 14, 2019], multiple sets of researchers collectively revealed four additional Spectre-related flaws, collectively dubbed Microarchitectural Data Sampling (MDS).

The flaws affect all operating systems running on all Intel processors built since 2011, both desktop and server varieties. They could allow an attacker to surreptitiously collect sensitive data in memory, such as passwords or tokens. No known attacks have been spotted in the wild, according to Intel.

While software providers rush patches out, end-users will still pay a performance penalty, as part of the remediation involves shutting off the performance-enhancing Hyper-Threading feature in Intel chips.

“This vulnerability is probably of greatest impact to dense, multi-tenant public cloud providers. In single-user environments, it’s far less interesting than in places where one tenant may be able to spy on another,” Twistlock Chief Technology Officer John Morello wrote in an e-mail.

Read the complete article at Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading
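
The remediation described in the extract above (software patches plus Hyper-Threading switched off) can be verified on a Linux host. The following is an added example, not code from the articles quoted here; it assumes the Linux sysfs file `/sys/devices/system/cpu/vulnerabilities/mds` and the status strings the kernel documents for it, and the sample lines and category names are constructed for illustration.

```python
"""Classify the Linux kernel's MDS status line (added example)."""
from pathlib import Path

# Linux reports MDS state here; the path is an assumption about the host OS.
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines in the format the kernel documents for this file.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]

def parse_mds_status(line):
    """Split 'State: detail; SMT info' into its three parts."""
    head, _, smt = line.strip().partition(";")
    state, _, detail = head.partition(":")
    return state.strip(), detail.strip(), smt.strip()

def classify(line):
    """Return 'ok', 'smt-exposed', 'unmitigated' or 'unknown'."""
    state, _detail, smt = parse_mds_status(line)
    if state == "Not affected":
        return "ok"                      # fixed in hardware or not an affected CPU
    if state == "Vulnerable":
        return "unmitigated"             # no buffer clearing, or no microcode for it
    if state != "Mitigation":
        return "unknown"                 # unrecognised text: do not assume safety
    if smt in ("SMT disabled", "SMT mitigated"):
        return "ok"
    # Buffer clearing is on, but a sibling hyper-thread can still sample data.
    return "smt-exposed"

def host_status():
    """Classify the running host, or return None when the file is absent."""
    try:
        return classify(MDS_SYSFS.read_text())
    except OSError:
        return None

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):12} {sample}")
    print("this host:", host_status())
```

Inside a guest VM the kernel cannot see the host's SMT setting and reports `SMT Host state unknown`, which this example treats as exposed; that is the multi-tenant case the extracts on this page are concerned with.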

Here’s How ZombieLoad Affects Data Centers and What to Do About It

An extract from an article by Maria Korolov

According to Rosenwald, this is a low to medium-severity vulnerability. “Exploiting these vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal,” she said. “And it’s important to note that there are no reports of any real-world exploits of these vulnerabilities.”

The flaw allows malware on a PC to eavesdrop on other applications on the same machine to, say, steal passwords. The malware would still first have to be installed using some other method, such as a phishing attack or a drive-by download.

In a data center, however, one virtual machine could eavesdrop on what’s happening in another virtual machine on the same server without having to install the malware on that second VM. That’s especially troubling for cloud environments since one user could install the exploit on their own cloud VM to spy on other users.

Read the complete article at Here’s How ZombieLoad Affects Data Centers and What to Do About It

Side Channel Vulnerability Microarchitectural Data Sampling

An extract from an overview published by Intel

On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).

First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.

MDS is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. More details can be found here. We expect all future Intel® processors include hardware mitigations addressing these vulnerabilities.

Read the complete overview at Side Channel Vulnerability Microarchitectural Data Sampling

Source: ComplexDiscovery
