HKCert
Security Blog

Watch out for New Zombieload Side-channel Attack

Release Date: 21 / 05 / 2019
Last Update: 21 / 05 / 2019

HKCERT noted the recent discovery of multiple Microarchitectural Data Sampling (MDS) vulnerabilities in Intel’s Central Processing Unit (CPU). Hackers may exploit these vulnerabilities to access buffer data being processed in the CPU, enabling them to seize sensitive information from the user computers.

 
For the attacks to materialise, users need to execute the malware or the malicious code of the attack. As such type of attack involves complex operation and a small section of the CPU architecture, the risk posed to enterprise users and cloud service providers is relatively higher than individuals.
 
As hackers may exploit these vulnerabilities to access sensitive information of other users running on the same virtualised platform, HKCERT thereby recommends enterprise users and cloud service providers to install the related patch updates. However, they should also pay attention to potential performance reduction from the patch updates. Thorough testing and system performance assessment is therefore recommended prior to patch installation.
 
To address the issue, cloud service providers (e.g. Azure, Google, and AWS) have taken mitigation measures to reduce the threat on their cloud infrastructure. Moreover, Intel has provided microcode updates for various operating system developers to fix the problem. For example, Microsoft Windows has issued fixes and released patches in the Monthly Microsoft Patch Releases in May, while Apple macOS Mojave 10.14.5 has added mitigation measure against MDS attack. Some Linux operating systems (e.g. Oracle Linux, Redhat and Ubuntu) have also provided patch updates.
 
Although the probability of hackers exploiting the vulnerabilities to attack personal users and steal their sensitive data is relatively low, such users still must stay vigilant. They should not open any suspicious emails, application software or website links; and regularly update their operating systems.
 
Should users have any question on the related vulnerabilities, you are most welcome to contact us via email: [email protected] or our 24-hour telephone hotline: 8105 6060, we will provide respective assistance and security advisory. HKCERT will continue monitoring the latest development of this vulnerability. Should there be any further updates, we will accordingly inform the public.