
Intel Discloses Four New Microarchitectural Data Sampling (MDS) Vulnerabilities


jimbojet2011

https://mdsattacks.com/

 

The RIDL and Fallout speculative execution attacks allow attackers to leak confidential data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your information to malicious websites. Our attacks leak data by exploiting the newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to obtain sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.

 

 

The AchieVer

Intel Discloses Four New Microarchitectural Data Sampling (MDS) Vulnerabilities 

Security researchers have publicly disclosed today a series of potential security vulnerabilities affecting Intel microprocessors, which may allow information disclosure on users' machines.

 


 
Intel has published a security advisory today informing its customers about four new security vulnerabilities discovered in Intel CPUs, which may lead to information disclosure by allowing a malicious process to read data from another process running on the same CPU core, which is possible due to the use of buffers within the CPU core.

The vulnerabilities could allow a malicious process to speculatively sample data from the said buffers, which apparently aren't cleared when switching between processes, then interpret the contents and read data from another process that is executing on the same CPU core. This can happen when switching between kernel and userspace, host and guest, or two different userspace processes.

The new security vulnerabilities are described in detail at CVE-2018-12126 for Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12127 for Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12130 for Microarchitectural Fill Buffer Data Sampling (MFBDS), and CVE-2019-11091 for Microarchitectural Data Sampling Uncacheable Memory (MDSUM).

Intel released microcode updates to mitigate the vulnerabilities

Intel has released today Microcode Updates (MCU) for various of its processors to mitigate these potential security vulnerabilities. Users on all known computer operating systems, including Windows, Linux, Mac, and BSD, are encouraged to install these new firmware updates for Intel processors as soon as they're available for their systems.

On some systems, such as Linux distributions, updating the Intel microcode firmware isn't enough to mitigate these new security vulnerabilities as users will also have to install corresponding Linux kernel and QEMU packages that are being prepared as we speak by Canonical, Red Hat, and other major Linux OS vendors.

Intel says that it has worked closely with major operating system vendors and device manufacturers to create feasible solutions for correctly mitigating these new security vulnerabilities to protect users from potential attacks. Intel has published a list of impacted products here, and you can see the status of available microcode updates here.
 
 
 


The AchieVer

Canonical Releases Ubuntu Updates to Mitigate New MDS Security Vulnerabilities 

Canonical has released today new updates for all of its supported Ubuntu Linux operating system series to mitigate the recently disclosed Microarchitectural Data Sampling (MDS) security vulnerabilities in Intel CPUs.

 


 

Four new security vulnerabilities affecting Intel microprocessors have been publicly disclosed earlier, and Intel already released updated microcode firmware to mitigate them, but in the case of Linux-based operating systems these flaws cannot be addressed only by updating the CPU firmware, but also by installing new Linux kernel versions and QEMU patches.

The vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) affect various Intel processors and could allow a local attacker to expose sensitive information. They have an impact on all supported Ubuntu Linux releases, including Ubuntu 19.04 (Disco Dingo), Ubuntu 18.10 (Cosmic Cuttlefish), Ubuntu 18.04 LTS (Bionic Beaver), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 ESM (Trusty Tahr).

"As these vulnerabilities affect such a large range of Intel processors (across laptop, desktop and server machines), a large percentage of Ubuntu users are expected to be impacted – users are encouraged to install these updated packages as soon as they become available," said Alex Murray, Ubuntu Security Tech Lead at Canonical.

Canonical recommends users to also disable Hyper-Threading

Canonical recommends all users of any of the supported Ubuntu Linux operating systems to install the new Linux kernel, Intel microcode firmware, and QEMU versions that the company released today through its official channels, and also encourages them to disable the Symmetric Multi-Threading (SMT) functionality (a.k.a. Hyper-Threading) as it complicates these new flaws.

Canonical also released today a new kernel live patch for Ubuntu 18.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 14.04 ESM systems to address the new Microarchitectural Data Sampling (MDS) security vulnerabilities in Intel CPUs. However, due to the high complexity of these security flaws, users are urged to reboot their systems into an updated Linux kernel as soon as possible.

The new intel-microcode version you need to update to is 3.20190514.0 for all Ubuntu releases. The new kernel versions are linux-image 5.0.0.15.16 for Ubuntu 19.04, linux-image 4.18.0.20.21 for Ubuntu 18.10, linux-image 4.15.0-50.54 for Ubuntu 18.04 LTS, as well as linux-image 4.4.0-148.174 for Ubuntu 16.04 LTS and 14.04 ESM.
 
 
 

Patch status for the new MDS attacks against Intel CPUs

Where to get updates for Zombieload, RIDL, Fallout, and all the new Intel MDS vulnerabilities.

 
 
Intel MDS attacks

 

Earlier today, a group of academics and security researchers disclosed a new vulnerability class impacting Intel CPUs.

 

Known as Microarchitectural Data Sampling (MDS) attacks, these vulnerabilities allow threat actors to retrieve data that is being processed inside Intel CPUs, even from processes an attacker's code should not have access to.

 

Four MDS attacks have been disclosed today, with Zombieload being considered the most dangerous of them all:

  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) [codenamed Fallout] 
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) [codenamed Zombieload, or RIDL] 
  • CVE-2018-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

The good news is that Intel had more than a year to get this patched, and the company worked with various OS and software vendors to coordinate patches at both the hardware and software level. Both the hardware (Intel CPU microcode updates) and software (OS security updates) protections must be installed at the same time to fully mitigate MDS attacks. If patches aren't available yet, disabling the Simultaneous Multi-Threading (SMT) feature on Intel CPUs will significantly reduce the impact of all MDS attacks.

 

Below is a summary of all the fixes currently available for today's MDS attacks, along with support pages describing additional mitigation techniques.

INTEL

In a security advisory, Intel said today that it released updated Intel microcode updates to device and motherboard vendors.

 

When these microcode updates will end up on users' computers is anybody's guess. If we're to learn anything from the Meltdown and Spectre patching process, the answer is probably never, and Microsoft will eventually have to step in and deliver Intel's microcode updates as part of the Windows Update process, just like it did for Meltdown and Spectre last year.

 

In the meantime, Intel has published a list of impacted Intel processors, complete with in-depth details about the status of available microcode updates for each CPU model.

MICROSOFT

 

Until the Intel microcode updates reach users' computers, Microsoft has published OS-level updates to address the four MDS vulnerabilities.

 

Per Microsoft's MDS security advisory, OS updates are available for Windows and Windows Server, but also SQL Server databases.

 

Azure clients are already protected because Microsoft has already taken steps to patch its cloud infrastructure and mitigate the threat.

APPLE

Mitigations for MDS attacks have been deployed with macOS Mojave 10.14.5, released today.

 

"This update prevents exploitation of these vulnerabilities via JavaScript or as a result of navigating to a malicious website in Safari," Apple said.

 

The fix has no "measurable performance impact," the company added.

 

iOS devices use CPUs not known to be vulnerable to MDS, so they don't need special mitigations, for now.

LINUX

The fragmented Linux ecosystem will be slow to receive patches. At the time of writing, only Red Hat and Ubuntu have announced fixes in their distro.

GOOGLE

 

Google published a help page today that lists the status of each product and how it's impacted by today's MDS attacks.

 

Per this page, Google's cloud infrastructure has already received all the proper protections, similar to Azure. Some Google Cloud Platform customers may need to review some settings, but G Suite and Google Apps customers don't have to do anything.

 

Chrome OS has disabled Hyper-Threading on Chrome OS 74 and subsequent versions. This protects against MDS attacks, Google said.

 

Android users are not impacted. Google said OS-level mitigations should protect Chrome browser users.

AMAZON

 

Just like Google and Microsoft, Amazon said it already patched and applied mitigations to its cloud servers on behalf of its users.

 

 

 

Source



The AchieVer

How to test MDS (Zombieload) patch status on Windows systems

PowerShell script tells you if your Windows OS is safe from MDS attacks.

 
 

Today, a group of academics and security researchers disclosed a new type of vulnerability class impacting Intel CPUs -- named Microarchitectural Data Sampling (MDS) attacks.

 

Similar to the now infamous Meltdown and Spectre flaws from last year, MDS attacks allow threat actors to retrieve data that is being processed inside Intel CPUs, even from applications an attacker's code wouldn't normally interact with.

 

Four MDS attacks have been revealed today, with Zombieload considered the most dangerous of them all:

  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS) [codenamed Fallout] 
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS) [codenamed RIDL] 
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS) [codenamed Zombieload, but also RIDL] 
  • CVE-2018-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM) [codenamed RIDL]

To safeguard systems, users must install Intel CPU microcode updates, but also OS-level updates. Microsoft, along with other OS makers, have already released OS patches today.

 

Intel has released microcode updates to motherboard and OEM firmware vendors already, and they should be made available to users as part of OEM firmware updates in the future.

 

Last year, Microsoft released a PowerShell script to help system administrators detect if Meltdown and Spectre patches have installed and are working correctly.

 

Today, Microsoft updated that same script to support the new MDS attacks, which just like the Meltdown and Spectre vulnerabilities, are also flaws in the speculative execution process, and can be detected the same way.

 

Below are the steps to download and use the PowerShell script, as well as information on the way results should be interpreted.

 

1) Open a PowerShell terminal with admin rights. You can do this by clicking the Start button, searching for "Windows PowerShell," right-clicking the option, and selecting "Run as Administrator."

tutorial-1.png

 

2) In the PowerShell terminal, enter "$SaveExecutionPolicy = Get-ExecutionPolicy".

 

This will save your current PowerShell execution policy (access rights) to a variable, so you can restore it later.

 

3) In the PowerShell terminal, enter "Set-ExecutionPolicy RemoteSigned -Scope Currentuser". Don't forget to enter "Y" and then press Enter. If that doesn't work, replace Currentuser with Unrestricted.

 

4) In the PowerShell terminal, enter "Install-Module SpeculationControl". This command will download and install Microsoft's speculative execution status check script.

 

5) In the PowerShell terminal, enter "Get-SpeculationControlSettings". This will produce a report like the following:

tutorial-3.png

 

Sections A and B are practically the same, with section A providing a reasonable explanation of what's currently installed on the system. But for clarity, we've pulled Microsoft's explanations for each of these three checks.

 

MDSWindowsSupportPresent or "Windows OS support for MDS mitigation is present"

 

"This line tells you if the Windows operating system support for the Microarchitectural Data Sampling (MDS) operating system mitigation is present. If it is True, the May 2019 update is installed on the device, and the mitigation for MDS is present. If it is False, the May 2019 update is not installed, and the mitigation for MDS is not present."

 

MDSHardwareVulnerable or "Hardware is vulnerable to MDS"

 

"This line tells you if the hardware is vulnerable to Microarchitectural Data Sampling (MDS) set of vulnerabilities (CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12139). If it is True, the hardware is believed to be affected by these vulnerabilities. If it is False, the hardware is known to not be vulnerable."

 

MDSWindowsSupportEnabled or "Windows OS support for MDS mitigation is enabled"

 

"This line tells you if the Windows operating system mitigation for Microarchitectural Data Sampling (MDS) is enabled. If it is True, the hardware is believed to be affected by the MDS vulnerabilities, the windows operating support for the mitigation is present, and the mitigation has been enabled. If it is False, either the hardware is not vulnerable, Windows operating system support is not present, or the mitigation has not been enabled."

 

6) In the PowerShell terminal, enter "Set-ExecutionPolicy $SaveExecutionPolicy -Scope Currentuser" to restore your system's original PowerShell execution policy. If you want to be safe, just use "Set-ExecutionPolicy -ExecutionPolicy Restricted".

 

If patches have not been installed, the team of security researchers who uncovered the MDS attacks recommend disabling the Simultaneous Multi-Threading (SMT) feature on Intel CPUs, which will significantly reduce the impact of all MDS attacks.

 

 

 

Source
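
The check from steps 2 to 6 above as one script, added here as an example (it is not part of the original post and not Microsoft's code). It assumes `Get-SpeculationControlSettings` returns an object carrying the three MDS properties quoted above; the function names, the verdict strings and the use of a process-scoped execution policy in place of the save/restore in steps 2, 3 and 6 are choices of this example.

```powershell
# Added example: turns the three MDS fields quoted above into one verdict.
# Get-MdsVerdict, Test-LocalMdsStatus and the verdict strings are hypothetical
# names chosen for this example, not part of the SpeculationControl module.
function Get-MdsVerdict {
    param([Parameter(Mandatory)] $Settings)

    # An older module version does not report MDS at all. A missing property
    # would read as $null (falsy), so treat it as unknown, never as "safe".
    foreach ($name in 'MDSHardwareVulnerable', 'MDSWindowsSupportPresent',
                      'MDSWindowsSupportEnabled') {
        if ($null -eq $Settings.PSObject.Properties[$name]) { return 'Unknown' }
    }
    if (-not $Settings.MDSHardwareVulnerable)    { return 'NotVulnerable' }
    if (-not $Settings.MDSWindowsSupportPresent) { return 'UpdateMissing' }
    if (-not $Settings.MDSWindowsSupportEnabled) { return 'MitigationNotEnabled' }
    return 'MitigationEnabled'
}

function Test-LocalMdsStatus {
    # Process scope ends with this session, so nothing is left to restore.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser
    }
    Import-Module SpeculationControl
    Get-MdsVerdict -Settings (Get-SpeculationControlSettings)
}

# Constructed sample objects (not real output), one per outcome.
$samples = @(
    [pscustomobject]@{ Case = 'all true'; MDSHardwareVulnerable = $true;
        MDSWindowsSupportPresent = $true; MDSWindowsSupportEnabled = $true }
    [pscustomobject]@{ Case = 'not enabled'; MDSHardwareVulnerable = $true;
        MDSWindowsSupportPresent = $true; MDSWindowsSupportEnabled = $false }
    [pscustomobject]@{ Case = 'no OS update'; MDSHardwareVulnerable = $true;
        MDSWindowsSupportPresent = $false; MDSWindowsSupportEnabled = $false }
    [pscustomobject]@{ Case = 'other CPU'; MDSHardwareVulnerable = $false;
        MDSWindowsSupportPresent = $true; MDSWindowsSupportEnabled = $false }
    [pscustomobject]@{ Case = 'old module'; BTIHardwarePresent = $true }
)
foreach ($s in $samples) {
    '{0,-13} {1}' -f $s.Case, (Get-MdsVerdict -Settings $s)
}

# On the machine being checked, run: Test-LocalMdsStatus
```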



The AchieVer

Debian Patches New Intel MDS Security Vulnerabilities in Debian Linux Stretch 

The Debian Project has released patched versions of its Linux kernel and intel-microcode packages for the stable Debian GNU/Linux 9 "Stretch" operating system series to address the recently disclosed Intel MDS security vulnerabilities.

 


 
On May 14th, Intel disclosed four new security vulnerabilities affecting several of its Intel CPUs, which could allow attackers to leak sensitive information if the system remains unpatched. Intel has worked with major OS vendors and device manufacturers to quickly deploy feasible solutions for mitigating these flaws, and now patches are available for users of the Debian GNU/Linux 9 "Stretch" operating system series.

"Multiple researchers have discovered vulnerabilities in the way the Intel processor designs have implemented speculative forwarding of data filled into temporary microarchitectural structures (buffers). This flaw could allow an attacker controlling an unprivileged process to read sensitive information, including from the kernel and all other processes running on the system or cross guest/host boundaries to read host memory," reads the security advisory.

Users urged to update their Debian systems immediately

The Debian Project urges all users of the stable Debian GNU/Linux 9 "Stretch" operating system series to update their installations as soon as possible to the latest Linux kernel version 4.9.168-1+deb9u2 and intel-microcode firmware 3.20190514.1~deb9u1. To fully mitigate these new security vulnerabilities, both packages need to be installed on your Debian GNU/Linux 9 "Stretch" computers.

Please note that the new intel-microcode version is only available in the Debian non-free repository, which you'll have to enable to patch your computer against the MSBDS, MFBDS, MLPDS and MDSUM (a.k.a. CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) hardware vulnerabilities. The new Linux kernel update also includes a fix for a regression causing deadlocks inside the loopback driver.
 
 
 


straycat19

The bottom line... Computers are vulnerable to attack.  We've known that for at least 36 years.  Every new discovery is a remake of Chicken Little's "The sky is falling."

When you start patching your microcode in your processor you are going to affect how well that processor runs.  You end up trading speed for some pie in the sky fix for a vulnerability that you have a 1 in 100 Centillion chance of being victimized with.



Archived

This topic is now archived and is closed to further replies.
