Updates against the Intel processor vulnerabilities ZombieLoad & Co.
Patches against ZombieLoad & Co. are arriving for all current Windows versions, many Linux distributions and hypervisors such as VMware ESXi.
On Microsoft's Patch Tuesday in May 2019, that is on 14 May, Intel published information on four new security vulnerabilities in many Core i and Xeon processors: Microarchitectural Data Sampling (MDS), alias ZombieLoad.
Security updates are already available for current Windows versions, many Linux distributions and hypervisors such as VMware. The Linux kernel is also taking action against the MDS vulnerabilities [1]. AMD emphasizes that its own processors are not affected by MDS [2].
Intel has prepared microcode updates for affected processors, which are distributed through the usual channels: either via operating system updates or via BIOS updates. An overview:
- ZombieLoad at heise online: New security vulnerabilities in Intel processors [3]
Intel
- Intel Security Advisory Intel-SA-00233 [4]
- GitHub: Intel-Linux-Processor-Microcode-Data-Files [5]
- List of MDS-affected processors by Family/Model [6]
- Deep Dive: Intel Analysis of Microarchitectural Data Sampling [7]
Microsoft
- Security Advisory ADV190013: Microsoft guidance for mitigating Microarchitectural Data Sampling vulnerabilities [8]
- Windows 10 1903, Windows Server 2019 1903: KB4497165 [9]
- Windows 10 1809, Windows Server 2019 all versions: KB4494441 [10], KB4494174 [11]
- Windows 10: KB4494454: Intel Microcode Updates [12]
- Windows 10 1803: KB4499167 [13], KB4494451 [14]
- Windows 10 1709: KB4494452: Intel Microcode Updates [15]
- Windows 8.1, Windows Server 2012 R2: KB4499151 (Rollup) [16]
- Windows 8.1, Windows Server 2012 R2: KB4499165 [17]
- Windows Server 2012, Windows Embedded 8 Standard: KB4499158 [18]
- Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1: KB4499175 [19]
MITRE
Amazon
- Amazon Linux AMI Security Advisory: ALAS-2019-1205 [24]
Apple
Canonical
Debian
Debian Security Advisories
- DSA-4444-1 [27]
- DSA-4447-1 [28]
- CVE-2018-12126 [29]
- CVE-2018-12127 [30]
- CVE-2018-12130 [31]
- CVE-2019-11091 [32]
FreeBSD
- Security Advisory FreeBSD-SA-19:07.mds [33]
- Chromium Security: Microarchitectural Data Sampling [34] (also Chrome OS)
- Kubernetes Engine Security Bulletin [35]
IBM
Red Hat
SUSE
VMware
- VMware Security Advisory VMSA-2019-0008 [39]
(VMware ESXi 6.0, 6.5, 6.7, Workstation 15.x, Fusion 11.x)
Xen
Information on the MDS vulnerabilities
Bitdefender
- Yet Another Meltdown – A Microarchitectural Fill Buffer Data Sampling Vulnerability [41] (CVE-2018-12130)
Cyberus Technology
TU Graz
Vrije Universiteit Amsterdam
Red Hat
Security vulnerabilities due to Microarchitectural Data Sampling (MDS) in Intel processors | |
Microarchitectural Store Buffer Data Sampling (MSBDS), Fallout | CVE-2018-12126 |
Microarchitectural Fill Buffer Data Sampling (MFBDS), ZombieLoad, RIDL, YAM | CVE-2018-12130 |
Microarchitectural Load Port Data Sampling (MLPDS) | CVE-2018-12127 |
Microarchitectural Data Sampling Uncacheable Memory (MDSUM) | CVE-2019-11091 |
URL of this article:
https://www.heise.de/-4422413
Links in this article:
[1] https://www.heise.de/news/Neue-Linux-Kernel-schuetzen-vor-ZombieLoad-aka-MDS-4422245.html
[2] https://www.amd.com/en/corporate/product-security
[3] https://www.heise.de/news/Neue-Sicherheitsluecken-in-Intel-Prozessoren-ZombieLoad-4421217.html
[4] https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
[5] https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/
[6] https://software.intel.com/security-software-guidance/insights/deep-dive-cpuid-enumeration-and-architectural-msrs#MDS-CPUID
[7] https://software.intel.com/security-software-guidance/insights/deep-dive-intel-analysis-microarchitectural-data-sampling
[8] https://portal.msrc.microsoft.com/de-de/security-guidance/advisory/adv190013
[9] https://support.microsoft.com/de-de/help/4497165/kb4497165-intel-microcode-updates
[10] https://support.microsoft.com/de-de/help/4494441/windows-10-update-kb4494441
[11] https://support.microsoft.com/en-us/help/4494174/kb4494174-intel-microcode-updates
[12] https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
[13] https://support.microsoft.com/de-de/help/4499167/windows-10-update-kb4499167
[14] https://support.microsoft.com/en-us/help/4494451/kb4494451-intel-microcode-updates
[15] https://support.microsoft.com/de-de/help/4494452/kb4494452-intel-microcode-updates
[16] https://support.microsoft.com/de-de/help/4499151/windows-8-1-update-kb4499151
[17] https://support.microsoft.com/de-de/help/4499165/windows-8-1-update-kb4499165
[18] https://support.microsoft.com/de-de/help/4499158/windows-server-2012-update-kb4499158
[19] https://support.microsoft.com/de-lu/help/4499175/windows-7-update-kb4499175
[20] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12126
[21] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12127
[22] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12130
[23] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11091
[24] https://alas.aws.amazon.com/ALAS-2019-1205.html
[25] https://www.heise.de/news/ZombieLoad-Co-Apple-ergreift-Gegenmassnahmen-4422624.html
[26] https://blog.ubuntu.com/2019/05/14/ubuntu-updates-to-mitigate-new-microarchitectural-data-sampling-mds-vulnerabilities
[27] https://www.debian.org/security/2019/dsa-4444
[28] https://www.debian.org/security/2019/dsa-4447
[29] https://security-tracker.debian.org/tracker/CVE-2018-12126
[30] https://security-tracker.debian.org/tracker/CVE-2018-12127
[31] https://security-tracker.debian.org/tracker/CVE-2018-12130
[32] https://security-tracker.debian.org/tracker/CVE-2019-11091
[33] https://www.freebsd.org/security/advisories/FreeBSD-SA-19:07.mds.asc
[34] https://www.chromium.org/Home/chromium-security/mds
[35] https://cloud.google.com/kubernetes-engine/docs/security-bulletins
[36] https://www.ibm.com/blogs/psirt/ibm-addresses-reported-intel-security-vulnerabilities/
[37] https://access.redhat.com/security/vulnerabilities/mds
[38] https://www.suse.com/c/suse-addresses-microarchitectural-data-sampling-vulnerabilities/
[39] https://www.vmware.com/security/advisories/VMSA-2019-0008.html
[40] http://xenbits.xen.org/xsa/advisory-297.html
[41] https://labs.bitdefender.com/2019/05/yet-another-meltdown-a-microarchitectural-fill-buffer-data-sampling-vulnerability/
[42] https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
[43] https://zombieloadattack.com/
[44] https://cpu.fail/
[45] https://mdsattacks.com/
[46] https://www.redhat.com/en/blog/understanding-mds-vulnerability-what-it-why-it-works-and-how-mitigate-it
[47] mailto:ciw@ct.de
[48] mailto:ciw@ct.de
Copyright © 2019 Heise Medien