New ‘ZombieLoad’ Attacks Intel’s Newest Cascade Lake Chips


SECURITY NOTICE: The MDS (Microarchitectural Data Sampling) security vulnerability detected in Intel chips in April 2019 was extended in November 2019 by the discovery of a new form of ZombieLoad called TAA (TSX Asynchronous Abort). After the Spectre, Meltdown and Foreshadow vulnerabilities, the ZombieLoad strain is another critical weakness for modern processors.

MDS is a side-channel attack targeting Intel chips. It is made up of four different bugs: ZombieLoad, RIDL, Fallout and Store-to-Leak Forwarding. Thanks to these, hackers can exploit design flaws in the processor instead of needing to inject malicious code. Intel was only informed of said bugs in April this year, but information about the new discovery of ZombieLoad TAA was not released until this month. The effect of ZombieLoad TAA on VMware products is documented in VMware Security Advisory VMSA-2019-0020, and is already included in Runecast Analyzer security-check capabilities for VMware-powered SDDCs.

“The new variant of the ZombieLoad attack allows hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands. This technique, known as speculative execution, makes the processor run faster, but its flawed design makes it possible for attackers to extract potentially sensitive data.”

As with Spectre and Meltdown, the cloud is also affected. ZombieLoad can be triggered in virtual machines (VMs). One of the researchers said that it works just like it does on PCs: ZombieLoad is able to read data off the processor, which becomes a major issue in environments where several VMs run on the same hardware in the SDDC.

Intel has already released patches for the vulnerable chips, but the chip-making giant recognizes that the mitigations “may not completely prevent the inference of data through a side channel using these techniques.”

For those running a VMware-powered SDDC, Runecast Analyzer enables you to automatically identify whether you are affected by all vulnerabilities mentioned above and, if affected, gives you the remediation steps to improve your infrastructure.

If you run the latest Cascade Lake processors, you are probably affected by the ZombieLoad issue. In order to check the extent of your exposure, start a trial with Runecast today and receive an analysis of your SDDC for free.

Your Runecast Team