Published in PC Hardware

Intel has a third go at patching 'Zombieload' CPU security flaw

by on28 January 2020


Third time lucky?

For the third time in less than a year, Intel has disclosed a new set of vulnerabilities related to the speculative functionality of its processors.

On Monday, the company said it will issue a software update "in the coming weeks" that will fix two more microarchitectural data sampling (MDS) or Zombieload flaws. This latest update comes after the company released two separate patches in May and November of last year.

Compared to the MDS flaws Intel addressed in those two previous patches, these latest ones have a couple of limitations. One of the vulnerabilities, L1DES, doesn't work on Intel's more recent chips and a hacker can't execute the attack using a web browser. Intel says it's "not aware" of anyone taking advantage of the flaws outside of the lab.

In response to complaints of the company's piecemeal approach, Intel said that it has taken significant steps to reduce the danger the flaws represent to its processors.

A spokesIntel said: "Since May 2019, starting with Microarchitectural Data Sampling (MDS), and then in November with TAA, we and our system software partners have released mitigations that have cumulatively and substantially reduced the overall attack surface for these types of issues. We continue to conduct research in this area -- internally, and in conjunction with the external research community."

Last modified on 28 January 2020
Rate this item
(0 votes)

Read more about: