On May 14, Intel announced a series of security vulnerabilities in its central processing unit (CPU) chips. The vulnerabilities affect computers from as far back as 2008 that are powered by these processors. The vulnerabilities are collectively labeled Microarchitectural Data Sampling (MDS).
The MDS vulnerability allows attackers to access data as it moves between various components of the processor and is held in the chip’s temporary memory cache. It is considered a speculative execution vulnerability, in which attackers exploit the chip’s speed enhancement process of estimating what work will be needed and performing it in advance. It particularly targets the “hyperthreading” process that enables core components to split tasks virtually and thereby speed up processing. Any data passing through the speculative execution process, including personally identifiable information (PII) such as passwords and credit card numbers, can be extracted. Similarly, bad actors can extract the keys that unlock encrypted hard drive data.
Four distinct methods of carrying out MDS attacks have been noted. According to Intel, practical exploitation of the vulnerability is very complex, and no instances of actual exploitation have been reported. The vulnerability has not been noted in chips from other manufacturers, including AMD and ARM.
Recently released Intel chips address and mitigate this issue. Per the manufacturer, 8th and 9th Generation Intel® Core™ processors, as well as 2nd Generation Intel® Xeon® Scalable processor family chips, are not vulnerable. Future processor chips will likewise be protected.
Software updates have been issued for other Intel processors that are vulnerable. Updates have been issued for Windows and Mac computers as part of security patches. Additionally, firmware “microcode” updates are available for multiple devices, as provided by original equipment manufacturers (OEMs). Updates for hypervisor software, i.e., software that creates and runs virtual machines, have likewise been made available from relevant sources.
A fix has also been provided and implemented by Amazon’s cloud services provider, Amazon Web Services (AWS). Per Amazon, “AWS has designed and implemented its infrastructure with protections against these types of bugs, and has also deployed additional protections for MDS.”
Researchers from the Vrije Universiteit of Amsterdam have indicated that the likelihood is high that individual systems using Intel chips have been affected. These researchers have provided a tool to assess MDS vulnerability for individual components.
ACA Aponix Guidance
ACA Aponix recommends taking the following actions regarding the MDS vulnerability:
- Immediately install operating system patches and updates for all devices.
- If not in place already, consider instituting a company-wide automated patch delivery and installation system.
- Inform staff of this vulnerability as it relates to personal devices and “bring your own” devices used for work purposes.
- Contact OEMs for hardware in use to access microcode updates. Install these updates when available.
- Contact hypervisor software manufacturers for software updates. Install these updates when available.
- Consider disabling the hyperthreading feature of Intel chips (the speed enhancement that runs tasks in parallel on a single core), which has been implicated as a target of the vulnerability. Note that this could impact processing speed.
- Contact any third-party vendors providing cloud services and confirm that they have safeguards in place against the vulnerability.
- Monitor all devices and company data repositories for unusual activity.
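The following is an added example, not part of the original advisory: a way to verify the patch, microcode and hyperthreading items above on Linux hosts, which the advisory does not cover explicitly. Patched Linux kernels report MDS state in /sys/devices/system/cpu/vulnerabilities/mds; the function names and the sample status lines are constructed for illustration.

```python
"""Map a Linux kernel MDS status line to the remediation steps still open."""
from pathlib import Path

MDS_FILE = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample status lines in the format the kernel documents.
SAMPLES = [
    "Not affected",
    "Vulnerable; SMT vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
    "Mitigation: Clear CPU buffers; SMT disabled",
]


def assess_mds(status):
    """Return the list of outstanding actions for one MDS status line."""
    status = status.strip()
    if status.startswith("Not affected"):
        return []
    todo = []
    head, _, smt_state = status.partition(";")
    if "no microcode" in head:
        # Kernel is patched, but the CPU lacks the buffer-clearing microcode.
        todo.append("install OEM microcode update")
    elif head.startswith("Vulnerable"):
        todo.append("install OS patches and enable the MDS mitigation")
    elif not head.startswith("Mitigation"):
        todo.append("unrecognised status, review manually")
    smt_state = smt_state.strip()
    if smt_state == "SMT vulnerable":
        todo.append("consider disabling hyperthreading (SMT)")
    elif smt_state == "SMT Host state unknown":
        # Reported inside a virtual machine: only the host can see sibling threads.
        todo.append("confirm protections with hypervisor or cloud vendor")
    return todo


def assess_host():
    """Assess the live host; a missing file means the kernel predates MDS reporting."""
    if not MDS_FILE.exists():
        return ["install OS patches (kernel does not report MDS status)"]
    return assess_mds(MDS_FILE.read_text())


if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r} -> {assess_mds(line) or 'no action needed'}")
    print("this host ->", assess_host() or "no action needed")
```

An empty result means the kernel reports nothing left to do for MDS on that host; it does not replace the vendor and monitoring items in the list above.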
How ACA Can Help
ACA Aponix offers the following solutions that can help your company ensure strong security in light of the vulnerability:
- Cybersecurity and technology risk assessments
- Penetration testing and vulnerability assessments
- Policies, procedures, and governance
- Cyber incident response planning
- Threat intelligence
If you have any questions, please contact your ACA Aponix consultant or email us at firstname.lastname@example.org.