What You Need To Know To Protect Yourself From The ZombieLoad Attack

30th May, 2019

If you’re not yet aware, ZombieLoad is a recently discovered vulnerability that follows in the footsteps of last year’s “Spectre” and “Meltdown” vulnerabilities. ZombieLoad affects Intel processors created after 2011. Continue reading for more information on how to protect your Intel devices.

Note: AMD has confirmed that their processors were not affected by ZombieLoad.

What is ZombieLoad?

The ZombieLoad vulnerability could potentially allow malicious hackers to view your passwords, browser history, website content, encryption keys, or other sensitive information accessed while using an affected Intel processor. Hackers are able to do this through software that exploits flaws in Intel hardware.

According to the official ZombieLoad Attack website, “While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.”

ZombieLoad, also known as CVE-2018-12130, exploits how CPUs handle amounts of data beyond what the processor can handle. These loads are often referred to as zombie loads. When the CPU is overloaded in this way, elements of the microcode are activated to prevent the whole PC from crashing. However, malicious software can take advantage of this behavior, giving hackers access to the flaw and a way to view your sensitive information.

For more information, or to download the full report, please refer to ZombieLoad Attack.

How do I know if I am affected?

Unfortunately, there is no single way to know if you have been affected by ZombieLoad. Also troubling, antivirus software and internet security suites cannot tell you if you’ve been affected. If you’ve been using an Intel processor, odds are that you are at risk. However, this does not necessarily mean that you’ve been targeted. Recent reports have also stated that Google Chrome users are at lower risk thanks to a protective patch released for Chrome. Nevertheless, the best course of action is to protect your devices as soon as possible.

Protecting your devices

Protecting your systems will depend on which operating system your computer or server is currently running. There are processes and patches available whether you are running Windows, Mac, or Linux.

For Linux systems:

Greg Kroah-Hartman, the stable Linux kernel maintainer, recently wrote, “I’m announcing the release of the 5.1.2 kernel. All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that… All users of Intel processors made since 2011 must upgrade.” You can find the 5.1.2 kernel here. Also, Canonical has released information on mitigating against ZombieLoad.
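After upgrading, you can confirm that the running kernel is actually applying the fix. The script below is an added example, not part of the original article or of the kernel project: it reads the status line that patched Linux kernels expose in sysfs for this class of flaw (MDS) and classifies it. The function names and verdict labels are hypothetical. It reports whether the mitigation is active, not whether the machine has been attacked.

```shell
#!/bin/sh
# Added example: classify the kernel's MDS (ZombieLoad) mitigation status.
# Assumption: the kernel reports the status in this sysfs file; override
# MDS_FILE to test against a saved copy.
MDS_FILE="${MDS_FILE:-/sys/devices/system/cpu/vulnerabilities/mds}"

# classify_mds STATUS -> prints one verdict label (labels are hypothetical):
#   not-affected | mitigated | mitigated-smt-exposed | no-microcode |
#   vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)                 echo "not-affected" ;;
        # Buffers are cleared, but sibling hyper-threads can still leak.
        "Mitigation:"*"SMT vulnerable"*) echo "mitigated-smt-exposed" ;;
        "Mitigation:"*)                  echo "mitigated" ;;
        # Kernel is patched, but the CPU microcode update is missing.
        "Vulnerable:"*"no microcode"*)   echo "no-microcode" ;;
        "Vulnerable"*)                   echo "vulnerable" ;;
        *)                               echo "unknown" ;;
    esac
}

# check_mds [FILE] -> prints the verdict; returns 0 only when no action is
# needed. A missing file means the running kernel predates the fix and
# cannot report its status, so it is treated as unpatched.
check_mds() {
    file="${1:-$MDS_FILE}"
    if [ ! -r "$file" ]; then
        echo "kernel-too-old"
        return 1
    fi
    status=$(cat "$file")
    verdict=$(classify_mds "$status")
    echo "$verdict"
    case "$verdict" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Report on the machine this script runs on.
check_mds || echo "action needed: review kernel, microcode and SMT settings" >&2
```

A verdict of `kernel-too-old` or `no-microcode` after an upgrade usually means the machine has not been rebooted into the new kernel or the CPU microcode package has not been updated.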

For Windows systems:

Microsoft released updates to patch the ZombieLoad vulnerability on May 14, 2019. If you have updated your systems since the update release, you have already protected your systems. Learn more about Windows updates from this helpful OnMSFT article or the Microsoft Support website.

Protecting your 100TB server

Please note that if you currently operate an unmanaged server with 100TB, you are responsible for patching your server(s). If you have any questions regarding updating your systems, please contact our expert technical support team – they will be happy to assist you.