Intel Previews Newest 'Zombieload' PatchIntel Previews Newest 'Zombieload' Patch
Intel has promised a third patch to remediate the Zombieload speculative execution vulnerability.
January 29, 2020
Intel has announced further developments in its response to a type of vulnerability commonly known as "Zombieload 2," or TSX Asynchronous Abort. The announcement is unusual in that it comes before further remediation is available — part of the "transparency" that Intel has promised around the vulnerabilities.
While the Zombieload vulnerability has been known for nearly a year - like the speculative execution side channel vulnerabilities that preceded it - the flaw is not considered a critical vulnerability. In Zombieload's case, one of the reasons for its non-critical designation is that an attacker must have physical access to the targeted system before the vulnerability can be exploited.
As with Spectre and Meltdown, under very specific conditions Zombieload could allow an attacker to access data like cryptographic keys and passwords that had been loaded into a cache. The great danger is that it could allow the owner of one virtual system read the data belonging to another virtual system hosted on the same server. Intel has already patched its vulnerable CPUs' microcode — twice — to deal with Zombieload, but continues to refine the repairs and now promises new microcode in "the near future."
Intel said it's not aware of any exploits in the wild; it remains a laboratory-only exploit to date
For more, read here.
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Quantifying the Gap Between Perceived Security and Comprehensive MITRE ATT&CK Coverage
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report