Researchers from the University of TechnologyGraz was told about the identification of a new class of vulnerability, called Microarchitectural Data Sampling (MDS), which is based on the technology of speculative command execution. The basis of this method is the ability of the processor to predict the data needed by the operating system or application to optimize performance.
Using the vulnerability found, hackers canget access to confidential user data: passwords, website addresses, tokens and other information. Attacks can be four different types, named: ZombieLoad, Fallout, RIDL (Rogue In-Flight Data Load) and Store-to-Leak Forwarding.
Vulnerability not only endangersdesktops, but also cloud servers and virtual machines. Access to the computer is not real-time, so at the moment it is not known whether the breach was used to steal confidential information.
It is revealed that all Intel processors released with2011 are subject to this class of vulnerability. The exception is the 8th and 9th generation processors, as well as the 2nd generation Xeon Scalable server processors, in which this vulnerability is fixed at the hardware level.
Intel developers to fix vulnerabilitiesreleased an update that clears all data from the buffer on each reboot. This update uses computer resources and reduces performance. However, these losses are extremely small, and Intel said that for an ordinary user, the decline in performance will pass unnoticed.
In addition, after studying the vulnerability wasrecommended to disable proprietary technology Hyper-Threading. However, in this case, a noticeable decrease in productivity of approximately 40% will occur. Apple, Microsoft, IBM Red Hat recommend that users disable Hyper-Threading. Google disables it in Chrome OS 74. At the same time, Intel itself does not recommend doing this. Apple, Microsoft and Google additionally released updates for their own devices, and Amazon updated the Web Services cloud service.