Intel MDS attack mitigation: An overview

Intel has revealed on Tuesday that some of its CPUs are vulnerable to a number of new speculative execution attacks that may allow attackers to stealing sensitive data and keys/passwords.

Intel MDS attack mitigation

ZombieLoad, RIDL and Fallout attacks have been extensively written about by the various groups of researchers that came up with them, but many customers and enterprise users are still unclear on whether these could affect them and what they can do to protect themselves.

A short rundown

The four vulnerabilities that allow these attacks affect only processors manufactured by Intel. Unfortunately, these can be found in many servers, desktops, laptops and smartphones.

To remove or mitigate the danger these attacks present to users, the affected systems should get a microcode (firmware) update and a software update.

Intel has already released microcode updates for many of the affected CPUs. Some of the updates are still in the works, and some products will not receive them (specifics are available here). Future processors will have integrated fixes.

Intel also advised on mitigations OS and drive developers, VM monitor developers, developers of software running in secure enclaves and system administrators can deploy.

The researchers behind the RIDL and Fallout attacks have provided tools for Microsoft and Linux users to check whether their devices are vulnerable. There is currently no similar tool for the ZombieLoad attack.

Software updates available

Software providers have also provided guidance and security updates.

Microsoft has released updates for Windows users and Azure customers.

Apple has released security updates in macOS Mojave 10.14.5 (iOS devices or Apple Watches are not affected) and has noted that high-risk users can disable hyper-threading processing technology for complete mitigation, but warned that this move may come with a rather steep performance penalty.

Red Hat, Debian, Ubuntu and SuSE have done the same. Oracle has provided patches for Oracle OSes (Linux and Solaris) and virtualization systems and has implemented mitigations acrtoss its cloud offerings.

Google has offered an overview of how the attacks can affect users of its various services and devices and what they should do about it.

AWS has implemented the required protections, and so has IBM.