Newly-found ‘MDS’ is the next Meltdown. Here’s how to stop it.


Independent security researchers have identified a new class of vulnerabilities in Intel chips, dating back to 2011 which, if exploited, could leak sensitive data stored in the processor, such as keys, account tokens, private messages, passwords and more.

MDS is a side-channel attack targeting Intel chips. It is made up of four different bugs: ZombieLoad, RIDL, Fallout and Store-to-Leak Forwarding. Thanks to them, hackers can exploit design flaws, instead of injecting code. Intel was only informed of said bugs in April this year.

ZombieLoad will leak any and all data loaded by the processor’s core to the attacker. Like in the cases of Spectre AND Meltdown, the cloud is also affected. ZombieLoad can be triggered in VMs. One of the researchers said it works just like it does on PCs, with ZombieLoad being able to read data off the processor, becoming a major issue in environments where several VMs run on the same hardware (SDDC).

“As technologies become more and more complex, we believe it takes the ecosystem working together to keep products and data more secure. We appreciate the research community and our industry partners for their contributions and coordinated disclosure of these issues.” Intel wrote in a webpage, describing the issue, while downplaying the potential effect of these issues in real-life environments.

Chip and software companies alike have moved quickly to patch the vulnerability. VMware, in particular, added instructions on how to implement Hypervisor-Specific Mitigations for Microarchitectural Data Sampling (MDS) Vulnerabilities for both the Concurent-context attack vector and the Sequential-context attack vector.

At Runecast, we now allow you to validate whether you are affected by the vulnerability and review the implementation status of those Hypervisor-assisted and Hypervisor-Specific Guest Mitigations. If you are affected, Runecast will provide tailored instructions on how to approach and solve the issue.

Additionally, Runecast enables you to validate your environment against the security advisory on this issue (VMSA-2019-0008) in order to return to compliance.

If you run Intel Xeon, Intel Broadwell, Sandy Bridge, Skylake, Haswell, Intel Kaby Lake, Coffee Lake, Whiskey Lake, Cascade Lake, Atom or Knights processors, you are probably affected by this issue. In order to check the extent of your exposure, start a trial with Runecast today and receive a full report, for free.