×

Registration

Profile Informations

Login Datas

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

ZombieLoad 2 TSX Security Threat Affects Intel CPUs Even 10th Gen, Update Now

Intel 10th Gen Bug
Intel has disclosed another speculative side execution vulnerability affecting many of its processors, including its latest 10th generation Ice Lake CPUs. Fortunately, there are already mitigating patches available, at least for users who are running Windows 10, Windows 8.1 (and Windows RT 8.1), Windows 7, and various Windows Server versions.

The vulnerability has to do with an extension to the x86 instruction set architecture called Intel Transactional Synchronization Extensions (Intel TSX). This extension adds hardware transactional memory support to improve multi-threaded workloads. The flaw has been dubbed TSX Asynchronous Abort (also known as ZombieLoad 2), which Intel says is similar to Microarchitectural Data Sampling (MDS) and affects the same buffers (store buffer, fill buffer, and load port writeback data bus).

Here's how Intel describes the vulnerability...

"Intel TSX supports atomic memory transactions that are either committed or aborted. When an Intel TSX memory transaction is aborted, either synchronously or asynchronously, all earlier memory writes inside the transaction are rolled back to the state before the transaction start. While an Intel TSX asynchronous abort (TAA) is pending, certain loads inside the transaction that are not yet completed may read data from microarchitectural structures and speculatively pass that data to dependent operations. This may cause microarchitectural side effects, which can later be measured to infer the value of the data in the microarchitectural structures."

There is a string of speculative execution side-channel attack vectors that have already been disclosed and mitigated through prior patches, including the original ZombieLoad. This new one, however, is able to sidestep previously released security measures.

The bug affects a wide range of CPUs, including its 10th generation Core processors (mobile), 2nd generation Xeon scalable processors (server), Xeon W processor family (workstation), 9th generation Core processors (mobile and desktop), Xeon processor E family (workstation and server), 10th generation Pentium Gold processor series (mobile), 10th generation Celeron 5000 series (mobile), and 8th generion Core processors (mobile).

Microsoft Addresses ZombieLand 2 Security Flaw In Intel Processors With Windows Patches

Microsoft is already on top of the ball with a bit of a plain-English breakdown and security patches for several versions of Windows.

"To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to execute code or to elevate user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system," Microsoft says.

Links to download patches can be found on Microsoft's CVE-2019-11135 support page. Additionally, mitigations are included in this month's Patch Tuesday update, which released yesterday.

Go to Source