News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Hyper-Threading & ZombieLoad CPU exploit

    Posted on CADesertRat Comment on the AskWoody Lounge

    Home Forums Code Red – Security/Privacy advisories Hyper-Threading & ZombieLoad CPU exploit

    This topic contains 1 reply, has 4 voices, and was last updated by  Steve S. 3 months ago.

    • Author
      Posts
    • #1629247 Reply

      CADesertRat
      AskWoody Plus

      Evidently the researchers that discovered the “Zombieland” side channel problem suggested turning off Hyper Threading in the affected Intel CPU’s but Intel isn’t pushing for it. Another reason I’m glad I went with AMD for my latest build, since it isn’t affected.

      https://www.pcworld.com/article/3395439/intel-hyper-threading-zombieload-cpu-exploit.html

      The easiest fix, the ZombieLoad discoverers said in a document detailing the exploit, is to turn off Hyper-Threading on Intel processors:

      “As ZombieLoad leaks loaded values across logical cores, a straightforward mitigation is disabling the use of Hyper-Threading. Hyper-Threading improves performance for certain workloads by 30 percent to 40 percent.”

      But Intel said that’s not necessarily the only answer for all PC users. In fact, Intel said that it’s really up to each customer to decide what to do. If software cannot be guaranteed to be trusted then yes, maybe you’ll want to disable Hyper-Threading. If your software only comes from the Microsoft Store or your IT department, you could probably leave Hyper-Threading on. For all others, it really depends on how squeamish you are.

      “Because these factors will vary considerably by customer, Intel is not recommending that Intel HT be disabled, and it’s important to understand that doing so does not alone provide protection against MDS,” Intel said in a statement.

      Don't take yourself so seriously, no one else does 🙂
      4 Win 10 Pro currently 1809 (3 Desktops, 1 Laptop).

      1 user thanked author for this post.
      b
    • #1630225 Reply

      Steve S.
      AskWoody Plus

      I was reading about these issues today. Seems a lot of different research teams independently discovered and worked on these vulnerabilities in a non-disclosure environment for about a year.  Graz University of Technology named them the “ZombieLoad” Attack. VUSec (Vrije University Amsterdam) called two variants “RIDL” and “Fallout”. Intel apparently decided to call them “MDS” attacks.

      One thing of interest to me: Intel says the newer i8 and i9 processors are not vulnerable, while the VUSec team says the i9 is more vulnerable – at least to the Fallout attack.

      And of course, there are now several different logos to go with the different names, lol!

      https://zombieloadattack.com/#researcher   — Graz team

      https://mdsattacks.com/    — VUSec team

      https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling     — Intel’s take on it

      The VUSec site above also has a downloadable program to test one’s system for vulnerabilities per ghacks:

      https://www.ghacks.net/2019/05/15/mds-tool-find-out-if-you-are-vulnerable-to-microarchitectural-data-sampling-attacks-mds/

      Win7 Pro x64 (Group B), Win10 Pro x64 1809, Linux Mint + a cat with 'tortitude'.

      • This reply was modified 2 months, 3 weeks ago by  CADesertRat.
      1 user thanked author for this post.
    • #1639034 Reply

      satrow
      AskWoody MVP

      Moonchild’s summary is worth a read:

      TL;DR: If you switch off HT for this on your desktop, you’re being dumb.

      ===
      Honestly, it’s something you cannot really exploit in the wild for anything useful.

      Please read the entirety of the article which highlights some important points.

      3 users thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Hyper-Threading & ZombieLoad CPU exploit

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.