Loading Posts...

How To Mitigate “ZombiLoad” New Vulnerability Affects Intel Chips Dating Back To 2011 With Patches

I hope you already heard that the security vulnerability found by the security researchers called Spectra and Meltdown which exploits the weakness in speculative execution and now there is a new round of security vulnerability founded called “ZombieLoad“, let’s see how we can mitigate this ZombiLoad new vulnerability.

What Is “ZombiLoad” Vulnerability?

ZombiLoad or microarchitectural data sampling (MDS) is a side-channel attack targeting to Intel Chip sets, allowing attackers to exploit design flows rather than injecting malicious codes, which consists of four bugs.

The important fact is, it is not affecting to your personal computer, It’s affecting to the Cloud as well. So for us it’s quite important and it’s better to have a great understanding about the mitigation steps beforehand. Most of the vendors such as Microsoft, Apple, Google and AWS has released patches in order to mitigate the vulnerability.

Patches For Apple macOS

At the time of writing this article Apple addressed the security issue with the recently released patches, Apple users who run Mojave should update to macOS 10.14.5 release while other apple users to install any available security patches to their systems.

"ZombiLoad" New Vulnerability : Apple Updates

For more information read macOS Security article.

Patches For Microsoft Operating Systems

Microsoft has released security advisory ADV190013 in order to take the necessary actions to mitigate the risks for their operating systems.

To protect the operating systems, software and firmware (microcode) updates should be installed and it can impact to the performance of the system. Microsoft has already acted to protect its cloud services from this identified security vulnerability.

Recommended Actions :

Microcode updates are not available for below Operating Systems

  • Windows 10 Version 1803 for x64-based Systems
  • Windows Server, version 1803 (Server Core Installation)
  • Windows 10 Version 1809 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)

For more information follow the Microsoft Security Advisory.

Google Chrome And Devices

Google is taking care of the most of the services and customers do not need to perform any actions for this, but for some services customer interaction is required. Review the product and services for customer actions here.

For G Suite customers do not need to worry about this and for Android systems that do not use Intel processors, no additional user or customer action is required while customers who use Intel-based systems that are not Chrome OS devices, should contact their device manufacturer for available updates.

ZombiLoad In Action : Demo

 

How To Mitigate “ZombiLoad” New Vulnerability Affects Intel Chips Dating Back To 2011 With Patches
5 (100%) 4 vote[s]

Aruna Lakmal

Associate Technical Lead at Pearson, Sri Lanka. Technology junky, enthusiast, a VMware vExpert and a blogger with more than 6 years of Experience in Information Technology more focusing on VMware Virtualization, Microsoft and Datacenter Technologies.

Get Updates Directly To Your Inbox!

   

Leave a Reply

Loading Posts...