Staff member
"Multiple security researchers have released details about a new class of speculative attacks against all modern Intel processors. The attacks are different from and more dangerous than Meltdown, Spectre and their variations because they can leak data from CPU buffers, which is not necessarily present in caches.

Two attacks dubbed RIDL and Fallout exploit a set of four vulnerabilities collectively known as Microarchitectural Data Sampling (MDS) vulnerabilities - a name given by Intel. The flaws affect Intel CPUs released since 2008, the researchers say."

More details: New RIDL and Fallout Attacks Impact All Modern Intel CPUs

Exploit Demo & FAQ [Am I Affected?]


Level 35
Four new vulnerabilities have been discovered in Intel processors that can be exploited via speculative execution side-channel attacks called RIDL, Fallout, and ZombieLoad.

These vulnerabilities allow attackers to steal passwords, cryptographic keys, or any other type of data to be loaded or stored in the memory of the CPU buffers.
The vulnerabilities are being categorized as Microarchitectural Data Sampling (MDS) speculative execution vulnerabilities and are associated with the four uniquely identifiable CVEs below:
  • CVE-2018-12126 - Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12130 - Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12127 - Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091 - Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
For more information on how these vulnerabilities work, who discovered them, and how you can test if you are vulnerable, you can read our New RIDL and Fallout Attacks Impact All Modern Intel CPUs article.

Researchers have also setup dedicated pages about these attacks, which are listed below:
To aid those who are concerned about the vulnerabilities, we have compiled the known vendor advisories and available updates below.

It is important to remember, that the current solutions are mitigations only and do not completely fix the vulnerabilities. To fully resolve these vulnerabilities, all vendors state that you would need to disable hyper-threading, which would have a performance impact on your computer.

If you are a vendor with a advisory or notice or a user who know of one that we are missing, please contact us to have your information added.

Last Updated: 05/14/19 18:56 EST


Level 54
Content Creator
Malware Hunter
Intel MDS Vulnerabilities: What You Need to Know | SecurityWeek.Com
Intel says its newer products, such as some 8th and 9th generation Core processors and 2nd generation Xeon Scalable processors, address these vulnerabilities at hardware level. Some of the other affected products have received or will receive microcode updates that should mitigate the flaws. The company has published a technical deep dive and a list that users can check to see if their processors will receive microcode updates.

Intel says the mitigations should have minimal performance impact for a majority of PCs, but performance may be impacted in the case of data center workloads.
Disabling hyper-threading on vulnerable CPUs should prevent exploitation of the vulnerabilities.


Level 35
Google disclosed a local proximity vulnerability impacting Bluetooth Low Energy (BLE) Titan Security Keys sold in the U.S. stemming from a "misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols."

According to the BLE Titan Security Key store page, "Titan Security Keys help prevent phishing and keep out anyone who shouldn’t have access to your online accounts. Security keys are the same level of security used internally at Google."

Google Cloud Product Manager Christiaan Brand says in the vulnerability announcement that non-Bluetooth security keys — such as USB or NFC — are not affected by the software flaw.
As the company states, potential attackers who manage to get within Bluetooth range — roughly 30 feet — while the security key is used can communicate with both the security key and the device to which it is paired.

Google also announced that for the pairing protocol misconfiguration to be abused, would-be attackers would have to very accurately his actions with a series of events:
... ...
Where to get updates for Zombieland, RIDL, Fallout, and all the new Intel MDS vulnerabilities.
Below is a summary of all the fixes currently available for today's MDS attacks, along with support pages describing additional mitigation techniques.

In a security advisory, Intel said today that it released updated Intel microcode updates to device and motherboard vendors.

When would these microcode updates end up on users' computers, it's anybody's guess. If we're to learn anything from the Meltdown and Spectre patching process, the answer is probably never, and Microsoft will eventually have to step in and deliver Intel's microcode updates part of the Windows Update process, just like it did for Meltdown and Spectre last year.

In the meantime, Intel has published a list of impacted Intel processors, complete with in-depth details about the status of available microcode updates for each CPU model.

Until the Intel microcode updates reach users' computers, Microsoft has published OS-level updates to address the four MDS vulnerabilities.


Level 35

... ...
How can I tell if I am affected by the ZombieLoad flaw?
Unfortunately, there's currently no easy way to tell if you're affected by the ZombieLoad flaw. Also, antivirus software and internet security suites won't identify the flaw.

However, if you use a device that runs on an Intel processor that you bought after 2011, it's very likely that you are vulnerable to ZombieLoad.

This means PCs, Macs and Intel-based tablets are all vulnerable. It's safest to assume at this point that you are vulnerable to ZombieLoad unless you exclusively use devices that run on AMD or ARM processors.

Before you begin to panic, it's worth noting that while it's likely you're using hardware that's vulnerable to ZombieLoad attacks, that doesn't mean you've been targeted. There isn't any evidence out there that ZombieLoad has been used to attack devices yet – however it does mean you want to make sure your devices are all updated to be protected against ZombieLoad as soon as possible.
... ...


Level 35
Microsoft Secretly Fixed a New Speculative Vulnerability in Intel CPUs

During the July 2019 Patch Tuesday security updates, Microsoft secretly patched a new variant of the Spectre 1 speculative execution side channel vulnerabilities that allowed information disclosure in Windows.

This vulnerability was given CVE ID CVE-2019-1125 and a title of "Windows Kernel Information Disclosure Vulnerability". Microsoft states that they held back on documenting the vulnerability until today as part of a coordinated industry disclosure.

According to Microsoft, Andrei Vlad Lutas of Bitdefender discovered this new vulnerability in some Intel CPUs that would allow malicious user mode programs to access and read the contents of the Windows Kernel memory.