Skip to main content

ZombieLoad is Meltdown resurrected. Here’s how to secure your PC right now

HP Spectre 13 2017 Review
Mark Coppock/Digital Trends

Less than a year and a half since Intel had its first public meltdown after finding the highly publicized Meltdown and Spectre security flaws, researchers have discovered a new security vulnerability called Microarchitectural Data Sampling (MDS) — which leaves computers dating back to 2008 vulnerable to eavesdropping attacks.

Fortunately, Intel learned its lesson from the first Meltdown discovery, and it finds itself better prepared to address the recently published security flaw that, if unpatched, could leave computers — ranging from laptops to cloud-based servers — exposed to eavesdropping by an attacker.

Back from the grave

A series of updates were recently deployed to address the newly uncovered security flaw. Whether you’re on a Windows PC or a Mac, you should stay up to date with your security patches to mitigate the risk of attack. Business customers operating their infrastructure from the cloud should check with their service providers to ensure that that latest available security patches will be applied as soon as possible.

MDS was discovered by a wide range of researchers from security firms like Bitdefender, Cyberus, Oracle, and Qihoo360 as well as academic institutions like the University of Michigan, Vrije Universiteit Amsterdam, KU Leuven in Belgium, Austria’s TU Graz, University of Adelaide, Worcester Polytechnic Institute, and Germany’s Saarland University. Researchers have discovered four distinct ways of carrying out MDS attacks, and though some of the attacks were discovered more than a year ago, Intel had asked that the researchers to keep their findings private until a patch was available.

“Academics have discovered four such MDS attacks, targeting store buffers, load buffers, line fill buffers (aka the Zombieload attack), and uncacheable memory — with Zombieload being the most dangerous of all because it can retrieve more information than the others,” ZDNet reported. Some of the attacks, researchers cautioned, could even require hardware changes to the chips to mitigate. Intel claims that some of its chips released within the last month already ship with a fix.

While MDS works in a similar way to Meltdown and Spectre by relying on Intel’s use of speculative execution to boost CPU performance by allowing the processor to guess what data will be required for execution in advance, attackers are able to eavesdrop when data is moving between various components of a processor. In previous attacks, sensitive data was accessed from memory, but in the case of MDS, the data can be accessed from the cache. Anything that passes through the processor, from the website you’ve visited to your password and credit card data, could be accessed through MDS. Hackers can even leverage MDS to extract the decryption keys to an encrypted drive.

Fixing Intel’s chipocalypse

Gregory Bryant, Intel senior vice president in the Client Computing Group, displays a “Lakefield” reference board during Intel Corporation’s news event at CES 2019 on Jan. 7, 2019, in Las Vegas.
Walden Kirsch/Intel Corporation

Intel has readied a fix for MDS, but the patch will need to be deployed through different operating systems. For now, Apple claims that a recent update to its MacOS Mojave operating system and Safari desktop browser already included the fix, so Mac users should download the latest updates if they haven’t already done so. Google also claimed that its recent products already contains a fix, while Microsoft issued a prepared statement stating that a fix will be ready later today. Windows 10 users are advised to download this patch.

“We are working to deploy mitigations to cloud services and release security updates to protect Windows customers against vulnerabilities affecting supported hardware chips,” Microsoft said.

Amazon Web Services have also deployed fixes. “AWS has designed and implemented its infrastructure with protections against these types of bugs, and has also deployed additional protections for MDS,” AWS said in a statement. “All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level. Updated kernels and microcode packages for Amazon Linux AMI 2018.03 and Amazon Linux 2 are available in the respective repositories (ALAS-2019-1205).”

Though chips released starting last month already contained a hardware level fix, Intel claims that microcode updates are enough. “For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software that are available starting today,” the chipmaker said in a statement.

Security researchers from TU Graz and VUSec disagreed with Intel’s conclusion and advised that hyperthreading be disabled, as this process could make it easier for attackers to carry out MDS attacks. In an interview with Wired, Intel downplayed the flaw rating the four vulnerabilities at a low to medium severity, and the company claimed that disabling hyperthreading is not necessary. Intel claims that a lot of noise is also leaked, and it would be very difficult for an attacker to infer your secret data.

At this point, AMD and ARM silicon are not affected by the vulnerability. If your system is running an Intel chip, be sure to apply the latest software patches and check for any new system updates in the coming days.

Editors' Recommendations

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
How we test PC components and hardware
RX 7900 XTX slotted into a test bench.

When it comes time to build your next PC, the first thing you do is run out to the reviews. What graphics card is best for gaming? What CPU do I need for video editing? Is Nvidia or AMD better? Our job as PC hardware reviewers is to guide you in the right direction.

Our hardware reviews are more data-driven than experiential products like monitors or TVs because, at the end of the day, the main question with PC hardware is what performance you can get at what price. A little more is involved than just playing a few games on the latest graphics cards and running Cinebench on CPUs, though.
How we test graphics cards

Read more
If you have a Gigabyte motherboard, your PC might stealthily download malware
A Gigabyte Aorus Extreme motherboard.

Yet another motherboard manufacturer seems to be in trouble -- or rather, the people who own those motherboards might be. According to security researchers, countless Gigabyte boards might be vulnerable to dangerous cyberattacks.

If you want to be extra safe, there are a couple of things you can do to protect your PC. Here's what we know.

Read more
Intel thinks your next CPU needs an AI processor — here’s why
The Intel Meteor Lake chip.

Intel thinks your next processor upgrade should include a dedicated AI processor and its upcoming Meteor Lake chips conveniently fill that gap. The company detailed how it suspects its Vision Processing Units (VPUs) will be leveraged at Computex 2023, and it's including these processors stock on every Meteor Lake chip.

The VPU isn't new. Intel introduced this dedicated AI processor with its 13th-gen Raptor Lake processors, but only on a select few models. The company says they'll come on all Meteor Lake chips, which are slated to launch at the end of 2023.

Read more