What are MDS Vulnerabilities and how do I resolve them?

Last Modified

Wed Jul 31 19:22 GMT 2019

Description

• What are MDS Vulnerabilities and how do I resolve them?

Environment

• N-able RMM
• N-able N-central

Solution

• Researchers have discovered critical vulnerabilities in Intel processors that can potentially allow attackers to retrieve data processed by the CPU. These exploits target the microarchitectural data structures (load, store and line buffers) used by the CPU for fast data read/writes. This vulnerability allows any processor to access data processed inside the CPU caches from any other processor without requiring any permissions - potentially compromising any data passed through the CPU. This can include login credentials, disk encryption keys, banking details, browser history, etc. These exploits are known as Microarchitectural Data Sampling (MDS) vulnerabilities, with the latest vulnerability classes labelled ZombieLoad, RIDL, and Fallout.
  • Intel provides several links with additional information including:
    • Intelr Product Security Center Advisories
      • https://www.intel.com/content/www/us/en/security-center/default.html
  • Intel: Side Channel Vulnerability Microarchitectural Data Sampling
    • https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
• Microsoft's Windows client guidance for IT Pros to protect against speculative execution side-channel vulnerabilities can be found here:
  • https://support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
• Apple's Information about the vulnerability can be found here:
  • https://support.apple.com/en-us/HT210108
  • https://support.apple.com/en-us/HT210107
    • Note: AMD issued a security briefing to clarify that their processors are NOT affected by this vulnerability. https://www.amd.com/en/corporate/product-security
• How to help protect a user's computer from an attack
• Confirm all the latest Hardware Patches are installed on the system; a list of Intel Hardware Patches can be found here.
• Confirm all firmware updates are applied to the computer from the 3rd party vendors affected by this vulnerability.
• Check that the machine is up-to-date with all current Windows Patches:
  • Specifically, Windows Patches listed under the Microsoft Security Advisory: ADV190013, ADV180012 and ADV180002
  • ADV190013 is the current advisory as of 5/14 and has the most up to date patches to protect your system.

• Use N-able RMM to Identify and Resolve Machines Impacted by the MDS Vulnerability
• How to verify and determine if your device is affected by the MDS vulnerability (Spectre/Meltdown 2.0) using N-able N-central