Three industry updates on the Intel Microarchitectural Data Sampling (MDS) group of vulnerabilities.
Fresh Spectre Vulnerabilities May Force Cloud Providers to Disable Intel Hyper-Threading
An extract from an article by Joab Jackson
Last year, when the news of the Spectre processor vulnerability first surfaced, observers warned that it would probably be the first of other possible flaws found in the speculative execution of Intel (and other) processors. On Tuesday [May 14, 2019], multiple sets of researchers collectively revealed four additional Spectre-related flaws, collectively dubbed Microarchitectural Data Sampling (MDS).
The flaws affect all operating systems running on all Intel processors built since 2011, both desktop and server varieties. They could allow an attacker to surreptitiously collect sensitive data in memory, such as passwords or tokens. No known attacks have been spotted in the wild, according to Intel.
While software providers rush patches out, end-users will still pay a performance penalty, as part of the remediation involves shutting off the performance-enhancing Hyper-Threading feature in Intel chips.
“This vulnerability is probably of greatest impact to dense, multi-tenant public cloud providers. In single-user environments, it’s far less interesting than in places where one tenant may be able to spy on another,” Twistlock Chief Technology Officer John Morello wrote in an e-mail.
Here’s How ZombieLoad Affects Data Centers and What to Do About It
An extract from an article by Maria Korolov
According to Rosenwald, this is a low to medium-severity vulnerability. “Exploiting these vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal,” she said. “And it’s important to note that there are no reports of any real-world exploits of these vulnerabilities.”
The flaw allows malware on a PC to eavesdrop on other applications on the same machine to, say, steal passwords. The malware would still first have to be installed using some other method, such as a phishing attack or a drive-by download.
In a data center, however, one virtual machine could eavesdrop on what’s happening in another virtual machine on the same server without having to install the malware on that second VM. That’s especially troubling for cloud environments since one user could install the exploit on their own cloud VM to spy on other users.
Side Channel Vulnerability Microarchitectural Data Sampling
An extract from an overview published by Intel
On May 14, 2019, Intel and other industry partners shared details and information about a new group of vulnerabilities collectively called Microarchitectural Data Sampling (MDS).
First identified by Intel’s internal researchers and partners, and independently reported to Intel by external researchers, MDS is a sub-class of previously disclosed speculative execution side channel vulnerabilities and is comprised of four related techniques. Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see. MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.
MDS is addressed in hardware starting with select 8th and 9th Generation Intel® Core™ processors, as well as the 2nd Generation Intel® Xeon® Scalable processor family. More details can be found here. We expect all future Intel® processors include hardware mitigations addressing these vulnerabilities.
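An added example, not taken from any of the extracts above or from Intel: on Linux hosts the kernel reports its MDS status in `/sys/devices/system/cpu/vulnerabilities/mds`, and the code below classifies that line, including the Hyper-Threading (SMT) suffix. The sample lines are constructed, and treating "SMT vulnerable" as not fully mitigated is a policy assumption suited to multi-tenant hosts.

```python
"""Added example: interpret the Linux kernel's MDS status line from sysfs."""
from pathlib import Path

MDS_FILE = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Suffixes the kernel appends after ';' to describe Hyper-Threading (SMT) state.
SMT_STATES = {
    "SMT vulnerable": "vulnerable",
    "SMT disabled": "disabled",
    "SMT mitigated": "mitigated",
    "SMT Host state unknown": "host_unknown",  # seen inside a guest VM
}

def classify_mds(status):
    """Return (state, smt, fully_mitigated) for one MDS status line."""
    main, _, tail = status.strip().partition(";")
    main, tail = main.strip(), tail.strip()
    if main == "Not affected":
        return ("not_affected", None, True)
    if main.startswith("Mitigation:"):
        state = "mitigated"
    elif "no microcode" in main:
        state = "needs_microcode"  # kernel patched, CPU microcode is not
    elif main.startswith("Vulnerable"):
        state = "vulnerable"
    else:
        state = "unknown"
    smt = SMT_STATES.get(tail, "unreported")
    # Policy assumption: with SMT active, a sibling thread may still sample
    # data, so only count the host as done when SMT is off or mitigated.
    fully = state == "mitigated" and smt in ("disabled", "mitigated")
    return (state, smt, fully)

def read_local_status(path=MDS_FILE):
    """Return this host's status line, or None if the kernel does not expose it."""
    try:
        return path.read_text().strip()
    except OSError:
        return None

# Constructed sample lines, used when the sysfs file is absent.
SAMPLES = [
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Not affected",
]

if __name__ == "__main__":
    local = read_local_status()
    for line in ([local] if local else SAMPLES):
        print(f"{line!r} -> {classify_mds(line)}")
```

A missing sysfs file usually means the kernel does not report MDS status at all, which is itself worth flagging in a fleet audit.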