rcmaehl

Zombieload Saga - New Intel Architecture security flaws, worse than Spectre/Meltdown

Recommended Posts

Posted · Original PosterOP

Source:
Wired
MDS Attacks
Bleeping Computer

 

Summary:

Intel and a coordinated supergroup of microarchitecture security researchers announced a new, serious form of hackable vulnerability in Intel's chips. All are capable of siphoning a stream of potentially sensitive data from a computer's CPU to an attacker.

Quotes/Excerpts:

Quote

More than a year has passed since security researchers revealed Meltdown and Spectre, a pair of flaws in the deep-seated, arcane features of millions of chips sold by Intel and AMD, putting practically every computer in the world at risk. Researchers warned that they weren't the end of the story, but the beginning...a new class of security vulnerability that would no doubt surface again and again. Some of those same researchers have uncovered yet another flaw in the deepest guts of Intel's...hardware. It can allow attackers to eavesdrop on virtually every bit of raw data that a victim's processor touches. Intel and a coordinated supergroup of microarchitecture security researchers are together announcing a new, serious form of hackable vulnerability in Intel's chips. It's four distinct attacks, in fact, though all of them use a similar technique, and all are capable of siphoning a stream of potentially sensitive data. The groups have named variants of the exploit techniques ZombieLoad, Fallout, and RIDL, or "Rogue In-Flight Data Load." Intel itself has more tamely labelled the new set of attacks "Microarchitectural Data Sampling," or MDS. Intel...asked all the researchers to keep their findings secret, until it could release fixes for the vulnerabilities. At the same time, the company has sought to downplay the severity of the bugs, according to the researchers...split into two groups working independently...each warn that the attacks represent a serious flaw in Intel's hardware that may require disabling some of its features, even beyond the company's patch. AMD and ARM chips don't appear to be vulnerable. Intel says that some models of chip it's released in the last month include a fix for the problem. Otherwise, all of Intel's chips that the researchers tested, going back as early as 2008, were affected. You can test if your system is affected with a tool the researchers published here.


My Thoughts:
It's that time again, all: architecture vulnerabilities! Batten down the hatches and apply your patches. While I haven't had time to read all of this, the fact that it's an architecture flaw means that only workarounds can be applied, since you can't change the silicon.




 

2 minutes ago, Minibois said:

Thanks @LukeSavenije


 

you're welcome😋




This is more disconcerting:

 

https://support.apple.com/en-us/HT210107

 

Apparently this has already been patched in Mac OS 10.14.5 for Safari to prevent exploitation via JavaScript through a malicious website. The security flaw was already disclosed to Intel in September of 2018, which is why there are already fixes available.

 

You could still be vulnerable if you use unsigned software / harmful apps, this is what Apple has to say about this:

 

Quote

macOS Mojave 10.14.5 fixes this issue for Safari with no measurable performance impact. This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari.

.......
 

Full mitigation requires using the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology. This capability is available for macOS Mojave, High Sierra, and Sierra in the latest security updates and may reduce performance by up to 40 percent, with the most impact on intensive computing tasks that are highly multithreaded. Learn how to enable full mitigation

YIKES. I don't know if I WANT to "mitigate" this vulnerability now. Way to go Intel. Apparently Hyperthreading is completely UNSAFE now.

 

I am sure the repercussions are the same for Intel based Windows machines, since the CPU and Hyperthreading seem to be at the core of this vulnerability. Would apply for all OS.

 

Glad I got a Ryzen CPU for my Desktop now!


Eh, I just tend to ignore these since I never put my computer into situations where these vulnerabilities could be exploited in the first place. I've already disabled the spectre and meltdown patches cause I don't want gimped performance.



25 minutes ago, maartendc said:

This is more disconcerting:

 

https://support.apple.com/en-us/HT210107

 

Apparently this has already been patched in Mac OS 10.14.5 for Safari to prevent exploitation via JavaScript through a malicious website. The security flaw was already disclosed to Intel in September of 2018, which is why there are already fixes available.

 

You could still be vulnerable if you use unsigned software / harmful apps, this is what Apple has to say about this:

 

YIKES. I don't know if I WANT to "mitigate" this vulnerability now. Way to go Intel. Apparently Hyperthreading is completely UNSAFE now.

 

I am sure the repercussions are the same for Intel based Windows machines, since the CPU and Hyperthreading seem to be at the core of this vulnerability. Would apply for all OS.

 

Glad I got a Ryzen CPU for my Desktop now!

we had to disable hyper threading at work on our VM hosts to mitigate all the issues.

Sad because hyper threading has A LOT of benefit there...




Intel: Don't need to disable Hyperthreading if you don't even have it on most of your CPUs.

 





A few more security patches and Intel's latest lineup looks like the old AMD FX lineup.

 

Well, it HAS 8 cores and 16 threads... but since it has severe vulnerabilities it really just shares those resources, so it's 8c/8t.

 

 



Posted · Original PosterOP
1 hour ago, floofer said:

My Mac doesn’t get viruses, so I’m fine.

I understood that reference




 


There are no vulnerabilities and patches are dumb performance killers, this is valid only for the most sensitive of data in servers and whatnot.

It has no effect in userland.

In order for anyone to get your raw data from the CPU, they have to execute programs on your machine.... if anyone gets the rights to execute code on a machine they no longer need the vulnerability in the CPU to get your data, hence making all the patches so far pointless and performance destruction for no good reason.

9 minutes ago, yian88 said:

It has no effect in userland.

It does if malicious software is created to utilize these exploits. Even if it takes several years for these exploits to be utilized in an attack, if people don't install these patches, they're vulnerable. I always keep my software and drivers up to date for exactly this reason. Who knows what exploits have been discovered but remain unreported.


You know, Raja was recently talking shit expressing his concerns about his former employer and while I am nowhere near knowledgeable enough to emit any kind of value judgement on his concerns, as long as this shit keeps making the headlines AMD could really glue together chip dies crudely and it would still look better than this many critical vulnerabilities with seemingly no end in sight.



3 minutes ago, yian88 said:

There are no vulnerabilities and patches are dumb performance killers, this is valid only for the most sensitive of data in servers and whatnot.

It has no effect in userland.

In order for anyone to get your raw data from the CPU, they have to execute programs on your machine.... if anyone gets the rights to execute code on a machine they no longer need the vulnerability in the CPU to get your data, hence making all the patches so far pointless and performance destruction for no good reason.

Not quite true. This exploit works from completely unprivileged processes, including JavaScript in websites in certain situations, and can pull data from more sensitive places than the other attacks, including buffer information and info from various secure enclave type areas (based in the Intel CPU, unlike Apple's T2 chips).

Quote

pointing the victim to a webpage with malicious JavaScript can steal sensitive information on the system, like passwords and cryptographic keys.

 

It is true though, that the general user will get patched web browsers now (Safari) or soon (others) to mostly mitigate that attack vector as is currently understood.  However, it is an arms race of exploitation vs patching, and even "known safe" doesn't always stay that way.  A recent example of that is here:

https://www.bleepingcomputer.com/news/security/keyloggers-injected-in-web-trust-seal-supply-chain-attack/

 

One of the other interesting bits from the BC coverage of these exploits is that it

Quote

also impacts modern Intel processors, including those of the 9th generation, which include in-silicon mitigations for Meltdown.  This protection, however, "makes them more vulnerable to Fallout, compared to older generation hardware," say the developers of the attack.

This is the Bleeping Computer article I've quoted a couple of times above.

https://www.bleepingcomputer.com/news/security/new-ridl-and-fallout-attacks-impact-all-modern-intel-cpus/

 

Lastly, it is also important to note that there is a LARGE underground set of malicious actors that always reverse engineer security fixes and turn them into working exploits for sale. The usual turnaround time for this is a day for simpler stuff, such as open source media platforms (Drupal, WordPress, etc.), and at most about a week for super complex issues (similar to this). So, you should definitely be patched and aware, even if you choose not to care about using the hyperthread disabling "full fix".


What are the chances of this actually getting exploited on an everyday consumer machine???

 

I'm tired of hearing that my i7-8750H is a block of swiss cheese. 🤦‍♂️




For now, the biggest threat is to server farms. You really do not want your VMs being able to talk to each other or to the hypervisor!! 

The browser-borne exploits would be pretty scary if there was a working example out in the wild. I'm hoping that we will see some client side detection and mitigation of code trying to use that hole even on clients that choose to leave it open. 



7 minutes ago, jake9000 said:

The browser-borne exploits would be pretty scary if there was a working example out in the wild. I'm hoping that we will see some client side detection and mitigation of code trying to use that hole even on clients that choose to leave it open. 

The exploit proofs of concept to do this are on github, so I'm sure it has already been weaponized and available for purchase on the dark web.

20 minutes ago, Techstorm970 said:

What are the chances of this actually getting exploited on an everyday consumer machine???

 

I'm tired of hearing that my i7-8750H is a block of swiss cheese. 🤦‍♂️

Fairly high until all the browsers put in mitigations and you get the microcode updates.  Once those both happen, reasonably low.

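The mitigation state the posts above argue about (microcode update in place, the buffer-clearing instruction Apple mentions, and whether hyper-threading is off) is something a Linux admin can read back from the kernel. The following is an added example, not code from the thread or from Intel, Apple or the Linux project; the sysfs paths and kernel status strings are real, while the verdict labels and the sample inputs are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread, Intel, Apple or the Linux project).
# Classifies the MDS state the kernel reports in
#   /sys/devices/system/cpu/vulnerabilities/mds and .../cpu/smt/control,
# plus whether /proc/cpuinfo lists md_clear, the microcode-backed VERW buffer
# clearing that Apple's "additional CPU instruction" refers to. Functions take
# the strings as arguments so constructed samples work; verdict labels are ours.

mds_verdict() {
    mds="$1"
    smt="$2"
    case "$mds" in
        "Not affected"*)
            echo "not-affected" ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # kernel support is present but the CPU microcode update is missing
            echo "needs-microcode" ;;
        "Vulnerable"*)
            echo "unmitigated" ;;
        "Mitigation: Clear CPU buffers"*)
            # buffers are cleared on privilege transitions; a sibling hyper-thread
            # can still sample them while SMT stays on
            case "$mds" in
                *"SMT Host state unknown"*)
                    echo "mitigated-host-smt-unknown" ;;
                *"SMT vulnerable"*)
                    case "$smt" in
                        off|forceoff|notsupported) echo "mitigated" ;;
                        *) echo "mitigated-smt-exposed" ;;
                    esac ;;
                *)
                    echo "mitigated" ;;
            esac ;;
        *)
            echo "unknown" ;;
    esac
}

# True when a /proc/cpuinfo "flags" line lists md_clear.
has_md_clear() {
    case " $1 " in
        *" md_clear "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the live values on a kernel that carries the MDS patches.
live_verdict() {
    vuln=/sys/devices/system/cpu/vulnerabilities/mds
    smtc=/sys/devices/system/cpu/smt/control
    [ -r "$vuln" ] || { echo "unknown"; return 0; }
    smt=$( [ -r "$smtc" ] && cat "$smtc" || echo notsupported )
    mds_verdict "$(cat "$vuln")" "$smt"
}
```

On a live host, `live_verdict` prints one of the labels; "mitigated-smt-exposed" is the state the VM-host posters above were removing by turning hyper-threading off.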

Edit: I've done some more reading on MDS since yesterday, and it now appears to me that all Intel CPUs are possibly affected. Intel says they are not, but researchers insist that they are. Out of an abundance of caution, I'm removing my earlier post.
 

Edited by melete



WOOO!!!

 

Zombieland Saga - Crossdream Life

 

BRING ON THE WAIFUS!!!



 

