In the new patch Intel closes a total of 77 vulnerabilities, which were spotted on various products of the house. These include not only processors but also network cards and drivers for the iGPU. In addition, Intel has discovered a new version of the malware called Zombieload and gives tips for hedging.
Zombieload in a new version
Already in May, researchers had discovered the side channel attack called Zombieload. After the attacks called Specter and Meltdown, Zombieload is another attack on processors. Here, the isolation of simultaneously running processes is overcome. The malware can read data from other processes. Intel had already provided a microcode update in May. Now a new version of the zombie loading malware has been discovered and made public by the manufacturer. On the Intel website, microcode updates are available for download for a number of products.
Incidentally, Intel advises not only to install the microcode updates for the Intel products, but also to use the current operating system together with cumulative updates at the same time. Also, the installation of the latest firmware of a device is advisable, Intel said. However, even then you are not immune from Zombieload. To be on the safe side, disable the processor feature called Transactional Synchronization Extensions. With this extension, speed advantages are generated by the parallel processing of program code. Also enabled hyperthreading is a gateway for the zombie loading malware.
Also worth reading: Zombieload, RIDL, Fallout, Yet Another Meltdown: New vulnerabilities in Intel CPUs
Facts about Patchday at Intel:
- As Intel has announced, microcode updates are now available for a variety of in-house products. The new drivers close 77 vulnerabilities.
- This includes a new variant of the side channel attack called Zombieload. With this malware it is possible to read data from processes of a computer.
- In addition to installing the updates for Intel products, the manufacturer also advises installing the latest version of the operating system or current firmware from PC manufacturers.
- To better protect against Zombieload, Intel recommends switching off the processor function called Transactional Synchronization Extensions, as this is the only way to prevent the parallel execution of program code. However, this may bring about a speed drop.
Sources: Heise, Intel
Also popular with PCGH readers: TOP
Zen 2 in full splendor: Ryzen 3000 and Rome under the microscope
(PLUS) New CPU tests: From Core i5-2500K to Ryzen 9 3900X
AMD Ryzen 9 3950X: All specifications and known details in the video