Skip to main content

ZombieLoad is Meltdown resurrected. Here’s how to secure your PC right now

HP Spectre 13 2017 Review
Mark Coppock/Digital Trends

Less than a year and a half since Intel had its first public meltdown after finding the highly publicized Meltdown and Spectre security flaws, researchers have discovered a new security vulnerability called Microarchitectural Data Sampling (MDS) — which leaves computers dating back to 2008 vulnerable to eavesdropping attacks.

Fortunately, Intel learned its lesson from the first Meltdown discovery, and it finds itself better prepared to address the recently published security flaw that, if unpatched, could leave computers — ranging from laptops to cloud-based servers — exposed to eavesdropping by an attacker.

Back from the grave

A series of updates were recently deployed to address the newly uncovered security flaw. Whether you’re on a Windows PC or a Mac, you should stay up to date with your security patches to mitigate the risk of attack. Business customers operating their infrastructure from the cloud should check with their service providers to ensure that that latest available security patches will be applied as soon as possible.

MDS was discovered by a wide range of researchers from security firms like Bitdefender, Cyberus, Oracle, and Qihoo360 as well as academic institutions like the University of Michigan, Vrije Universiteit Amsterdam, KU Leuven in Belgium, Austria’s TU Graz, University of Adelaide, Worcester Polytechnic Institute, and Germany’s Saarland University. Researchers have discovered four distinct ways of carrying out MDS attacks, and though some of the attacks were discovered more than a year ago, Intel had asked that the researchers to keep their findings private until a patch was available.

“Academics have discovered four such MDS attacks, targeting store buffers, load buffers, line fill buffers (aka the Zombieload attack), and uncacheable memory — with Zombieload being the most dangerous of all because it can retrieve more information than the others,” ZDNet reported. Some of the attacks, researchers cautioned, could even require hardware changes to the chips to mitigate. Intel claims that some of its chips released within the last month already ship with a fix.

While MDS works in a similar way to Meltdown and Spectre by relying on Intel’s use of speculative execution to boost CPU performance by allowing the processor to guess what data will be required for execution in advance, attackers are able to eavesdrop when data is moving between various components of a processor. In previous attacks, sensitive data was accessed from memory, but in the case of MDS, the data can be accessed from the cache. Anything that passes through the processor, from the website you’ve visited to your password and credit card data, could be accessed through MDS. Hackers can even leverage MDS to extract the decryption keys to an encrypted drive.

Fixing Intel’s chipocalypse

Gregory Bryant, Intel senior vice president in the Client Computing Group, displays a “Lakefield” reference board during Intel Corporation’s news event at CES 2019 on Jan. 7, 2019, in Las Vegas.
Walden Kirsch/Intel Corporation

Intel has readied a fix for MDS, but the patch will need to be deployed through different operating systems. For now, Apple claims that a recent update to its MacOS Mojave operating system and Safari desktop browser already included the fix, so Mac users should download the latest updates if they haven’t already done so. Google also claimed that its recent products already contains a fix, while Microsoft issued a prepared statement stating that a fix will be ready later today. Windows 10 users are advised to download this patch.

“We are working to deploy mitigations to cloud services and release security updates to protect Windows customers against vulnerabilities affecting supported hardware chips,” Microsoft said.

Amazon Web Services have also deployed fixes. “AWS has designed and implemented its infrastructure with protections against these types of bugs, and has also deployed additional protections for MDS,” AWS said in a statement. “All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level. Updated kernels and microcode packages for Amazon Linux AMI 2018.03 and Amazon Linux 2 are available in the respective repositories (ALAS-2019-1205).”

Though chips released starting last month already contained a hardware level fix, Intel claims that microcode updates are enough. “For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today,” the chipmaker said in a statement.

Security researchers from TU Graz and VUSec disagreed with Intel’s conclusion and advised that hyperthreading be disabled, as this process could make it easier for attackers to carry out MDS attacks. In an interview with Wired, Intel downplayed the flaw rating the four vulnerabilities at a low to medium severity, and the company claimed that disabling hyperthreading is not necessary. Intel claims that a lot of noise is also leaked, and it would be very difficult for an attacker to infer your secret data.

At this point, AMD and ARM silicon are not affected by the vulnerability. If your system is running an Intel chip, be sure to apply the latest software patches and check for any new system updates in the coming days.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
I’m attending the world’s biggest PC show next week. Here’s why I’m so excited
Computex 2024 logo.

Computex will be big this year. Coming off a seismic shift in the world of PCs just a week ago with the introduction of Copilot+, Computex is the perfect place for the rest of the industry to show off what it’s been up to. This year, I’ll be on the ground in Taipei City, Taiwan, and there are some key products I expect to see.

It won’t be long before we have all the juicy details on what AMD, Intel, and Nvidia have been working on, with the show going from June 4 to June 7. There are already plenty of breadcrumbs for what we could see get announced though, so let's get into it.
Intel's answer

Read more
Why Samsung has the most exciting Copilot+ PC right now
The keyboard and trackpad of the Galaxy Book4 Edge.

We were just inundated with a whole slew of new Windows laptops. These aren't your average notebooks, though -- they're part of Microsoft's new Copilot+ PC program -- built from the ground up with AI and ARM chips in mind.

A lot of these laptops emphasize the same performance and battery life gains caused by Qualcomm's Snapdragon X chips. Those are impressive, but comparing all these laptops against each other, it's Samsung's entry that makes me the most excited.
Design efficiency

Read more
It’s time to stop ignoring the CPU in your gaming PC
A hand holding an AMD Ryzen CPU.

There's one thing that will strike fear into the heart of any PC gamer: a CPU bottleneck. It's unimaginable that you wouldn't get the full power of your GPU when playing games, which is often the most expensive component in your rig. And although knowledge of what CPU bottlenecks are and how to avoid them is common, we're in a new era of bottlenecks in 2024.

It's time to reexamine the role your CPU plays in your gaming PC, not only so that you can get the most performance out of your rig but also to understand why the processor has left the gaming conversation over the last few years. It's easy to focus all of your attention on a big graphics card, but ignore your CPU and you'll pay a performance price.
The common knowledge

Read more