
New Class of Vulnerabilities Leak Data From Intel Chips

Microarchitectural Data Sampling (MDS) Vulnerabilities Impacting Most Chips Over Past Decade

Microsoft, Apple, Google Release Updates to Address Microarchitectural Data Sampling (MDS) Vulnerabilities Impacting Most Chips Made by Intel 

Millions of computers powered by Intel processors are affected by vulnerabilities that can be exploited by malicious actors to obtain potentially sensitive information. Intel and other tech giants have already released patches and mitigations.

The side-channel attack methods, named ZombieLoad, RIDL (Rogue In-Flight Data Load), and Fallout, are similar to the notorious Meltdown and Spectre, which researchers first disclosed in January 2018. At the time, experts accurately predicted that other similar speculative execution attacks would be discovered.

The attack methods work against both PCs and cloud environments, and they can be launched against most Intel CPUs made in the past decade. The techniques can be used to get applications, the operating system, virtual machines and trusted execution environments to leak information, including passwords, website content, disk encryption keys and browser history.

For example, experts have demonstrated that hackers can use the ZombieLoad attack, which is a subclass of RIDL, to obtain a user’s browsing history even if the victim surfs the web from a virtual machine and uses the Tor anonymity network.

The Fallout method is mostly useful for determining where in memory the operating system resides, which researchers say strengthens the other attacks.

The vulnerabilities can be exploited using malware planted on the targeted devices, but some of them can also be exploited remotely from the internet via JavaScript code and malicious websites.

Researchers warned that it may be difficult for cybersecurity software to detect attacks, and exploitation of the flaws might not leave any traces in log files. For the time being, there is no evidence of malicious attacks and experts believe the flaws are more likely to be exploited in highly targeted operations.

Intel said the vulnerabilities were first identified by its own researchers and partners, and later independently reported by others, including experts who discovered the original Meltdown and Spectre vulnerabilities. The company has credited researchers from the University of Michigan, Worcester Polytechnic Institute, Graz University of Technology, imec-DistriNet, KU Leuven, University of Adelaide, Microsoft, the VUSec group at VU Amsterdam, Bitdefender (which published its own paper), Oracle, and Qihoo 360.

A timeline published by researchers shows that Intel started receiving reports about the weaknesses in June 2018.

The flaws, described by Intel as Microarchitectural Data Sampling (MDS), have been assigned the following names and CVE identifiers: Microarchitectural Store Buffer Data Sampling (MSBDS, CVE-2018-12126), Microarchitectural Load Port Data Sampling (MLPDS, CVE-2018-12127), Microarchitectural Fill Buffer Data Sampling (MFBDS, CVE-2018-12130), and Microarchitectural Data Sampling Uncacheable Memory (MDSUM, CVE-2018-11091).

“Under certain conditions, MDS provides a program the potential means to read data that program otherwise would not be able to see,” Intel said. “MDS techniques are based on a sampling of data leaked from small structures within the CPU using a locally executed speculative execution side channel. Practical exploitation of MDS is a very complex undertaking. MDS does not, by itself, provide an attacker with a way to choose the data that is leaked.”

Intel has calculated the CVSS scores for each of the vulnerabilities and classified three of them as “medium” and one as “low” severity.

The CPU maker says its newer products, including some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address these vulnerabilities at the hardware level. Some of the other impacted products have already received or will receive microcode updates that should mitigate the flaws. Intel has published a list of the processors for which it will release microcode updates and of those for which it will not release any updates.

Intel says the mitigations should have minimal performance impact for a majority of PCs, but performance may be impacted in the case of data center workloads.

According to some of the researchers who discovered the ZombieLoad, RIDL and Fallout vulnerabilities, defenses for previously disclosed speculative execution attacks are ineffective against the new threats and in some cases they even “make things worse.”

Research papers have been published and dedicated websites have been set up for each of the attack methods. Proof-of-concept (PoC) exploits, videos showing the exploits in action, and tools that allow users to check whether their system is vulnerable have also been made available. A separate paper also describes a method called Store-to-Leak Forwarding, which shows that Meltdown-like attacks are still possible.
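The checks a defender actually runs after this kind of disclosure are less about the PoCs and more about verifying the mitigation state on each host. The following script is an added example written for this article, not code from the researchers, Intel or SecurityWeek. It assumes two Linux kernel interfaces that are not described in the article: the one-line verdict the kernel writes to `/sys/devices/system/cpu/vulnerabilities/mds` (values such as "Not affected", "Vulnerable", "Mitigation: Clear CPU buffers; SMT vulnerable") and the `md_clear` CPU flag in `/proc/cpuinfo`, which appears once the updated microcode mentioned above is loaded. When run on a machine without that sysfs file it falls back to constructed sample values so it still executes.

```shell
#!/bin/sh
# Added example (not from the article): classify the Linux kernel's MDS verdict and
# check whether the microcode-provided md_clear flag is present.
# Assumed kernel interfaces (not taken from the article):
#   /sys/devices/system/cpu/vulnerabilities/mds  one-line status, e.g.
#     "Not affected" | "Vulnerable" |
#     "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable" |
#     "Mitigation: Clear CPU buffers; SMT vulnerable" |
#     "Mitigation: Clear CPU buffers; SMT disabled"
#   /proc/cpuinfo "flags" line containing "md_clear" once updated microcode is loaded.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> not_affected | vulnerable | mitigated_smt_exposed | mitigated | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)               echo not_affected ;;
        Vulnerable*)                   echo vulnerable ;;
        Mitigation:*"SMT vulnerable"*) echo mitigated_smt_exposed ;;
        Mitigation:*)                  echo mitigated ;;
        *)                             echo unknown ;;
    esac
}

# has_md_clear FLAGS_LINE -> exit 0 when md_clear (microcode support for buffer clearing) is listed
has_md_clear() {
    case " $1 " in
        *" md_clear "*) return 0 ;;
        *)              return 1 ;;
    esac
}

# advise CLASS HAS_MD_CLEAR(yes|no) -> one-line recommendation for a patching ticket
advise() {
    case "$1" in
        not_affected)          echo "no action: CPU not affected by MDS" ;;
        mitigated)             echo "ok: kernel mitigation active and SMT disabled" ;;
        mitigated_smt_exposed) echo "partial: mitigation active but SMT siblings still share buffers; weigh mds=full,nosmt" ;;
        vulnerable)
            if [ "$2" = yes ]; then
                echo "action: microcode present but kernel mitigation off; check the mds= boot parameter"
            else
                echo "action: install microcode update (md_clear missing) and updated kernel"
            fi ;;
        *)                     echo "unknown status; inspect $MDS_SYSFS manually" ;;
    esac
}

# mds_report: use the live host when the sysfs file exists, otherwise constructed samples
mds_report() {
    if [ -r "$MDS_SYSFS" ]; then
        status=$(cat "$MDS_SYSFS")
        flags=$(grep -m1 '^flags' /proc/cpuinfo 2>/dev/null || true)
    else
        status="Mitigation: Clear CPU buffers; SMT vulnerable"      # constructed sample
        flags="flags : fpu vme de pse tsc msr md_clear flush_l1d"   # constructed sample
    fi
    class=$(classify_mds "$status")
    if has_md_clear "$flags"; then mc=yes; else mc=no; fi
    echo "mds status : $status"
    echo "class      : $class"
    echo "md_clear   : $mc"
    echo "advice     : $(advise "$class" "$mc")"
}

mds_report
```

The split between `classify_mds` and `has_md_clear` matters in practice: a host can report "Vulnerable" even with the new microcode installed if the kernel mitigation was disabled at boot, and the reverse (kernel attempting the mitigation without microcode support) is flagged by the kernel itself in the status line, so both signals are needed before closing a patching ticket.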

ARM and AMD processors do not appear to be affected. Microsoft, Google, Apple, the Xen Project and Linux distributions have published blog posts and advisories for these flaws. Microsoft, Google, Apple and HP have taken steps to protect customers against potential attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
