Zombieload flaw in Intel processors.

Forums › IT Pro and developers › Zombieload flaw in Intel processors.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#249526 15-May-2019 07:21

https://techcrunch.com/2019/05/14/zombieload-flaw-intel-processors/
I introduce Spectre and Meltdown. Part III

This is pretty bad, and just as bad as the last two.

That along with the RDP vulnerability that came out recently.

premiumtouring

357 posts

Ultimate Geek
+1 received by user: 143

#2237120 15-May-2019 07:50

The frustrating part of these exploits is not so much the security vulnerability but rather Intel's solutions affecting performance. This microcode patch is going to be a 3% hit. Taking into consideration the previous patches as well we are looking at a 10% hit in total to performance.

insane

3324 posts

Uber Geek
+1 received by user: 1006

ID Verified

Trusted

2degrees

Subscriber

#2237126 15-May-2019 08:00

I'm guessing that these researchers are now on AMD's payroll?

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#2237139 15-May-2019 08:19

Na AMD will be hit just as hard if they ever become big enough to target. Last I heard it's still sub 10% so unless you have something juicy its just not worth the effort. Both are pretty guilty of taking "shortcuts" in the name of performance that opens risk

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#2237140 15-May-2019 08:20

Still, Fun fun fun been for IT guys patching this in secure enviroments

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#2237145 15-May-2019 08:31

Beccara:

Still, Fun fun fun been for IT guys patching this in secure enviroments

I hear you.... But if you don't have a process to patch in airgapped networks then you're opening yourself up to compromise. All it takes is one idiot to inadvertently plug a non-authorized device into the network to bring it down. Anyone say UK NHS and WannaCry. That being said moving the USB thumb drive between networks to hold the patches is an attack vector, hence why you need to manage things properly.

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#2238159 15-May-2019 09:23

premiumtouring:

The frustrating part of these exploits is not so much the security vulnerability but rather Intel's solutions affecting performance. This microcode patch is going to be a 3% hit. Taking into consideration the previous patches as well we are looking at a 10% hit in total to performance.

Which would pretty much revert us to the performance gains over the last 5+ years.

Quic Broadband

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#2238160 15-May-2019 09:24

Yeah its all just man-hours, Almost just need to employ a person who does nothing but running around doing 0-day mitigation. Gotta love the MS blog title, They ain't messing around

Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)

openmedia

3449 posts

Uber Geek
+1 received by user: 877

Trusted

#2238302 15-May-2019 12:12

We've just published some blogs on the issue

Generally known online as OpenMedia, now working for Red Hat APAC as a Technology Evangelist and Portfolio Architect. Still playing with MythTV and digital media on the side.

premiumtouring

357 posts

Ultimate Geek
+1 received by user: 143

#2238343 15-May-2019 13:25

"An Apple support document on the ZombieLoad vulnerability provides details for "full mitigation" protection that can be enabled for customers with computers at heightened risk or that run untrusted software on their Macs.

Full mitigation requires using the Terminal app to enable additional CPU instructions and disable hyper-threading processing technology, which is available for macOS Mojave, High Sierra, and Sierra, but not on certain older machines. Apple says full mitigation could reduce performance by up to 40 percent, so most users will not want to enable it.

According to Intel, its microcode updates will have an impact on processor performance, but for the patch that Apple released in macOS Mojave 10.14.5, there was no measurable performance impact. Apple's fix prevents the exploitation of ZombieLoad vulnerabilities via JavaScript in Safari."

As much as 40%. Jesus.

I'd be super interested in seeing CPU reviewers go back and re:benchmark these "patched" Intel processors, and see whether or not they still hold water versus the AMD counterparts in testing.

networkn

Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified

Trusted

Lifetime subscriber

#2238349 15-May-2019 13:31

40%, seriously?

I am wondering what precedent there would be for a class action law suit?

I will be interested to see what Windows Performance hit ends up as?

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#2238372 15-May-2019 13:58

Hopefully it's like the specter patches that had a 30% performance hit but only on some odd ball use cases. We saw 1-2% at best which was what others were seeing too

Lego

Shop now for Lego sets and other gifts (affiliate link).

PolicyGuy

1820 posts

Uber Geek
+1 received by user: 1769

ID Verified

Lifetime subscriber

#2238410 15-May-2019 15:18

The 40% performance hit would come from disabling HYPErthreading, if and only if the target application set could actually advantageously use HYPErthreading.

It is interesting to note that BSD has HYPErthreading turned off by default, not only because of the security issues it brings, but also because many workloads - particularly server-type workloads - don't gain any advantage, and sometime a disadvantage, from having it on.

In the Windows world, it was regarded as Best Practice to turn off HYPErthreading for MS SQL Server instances, for example.

YMMV

And isn't it interesting to have both AMD and ARM come out and say words to the effect of "We don't have this issue, it's an Intel® special"

matisyahu

1639 posts

Uber Geek
+1 received by user: 355

Trusted

#2238436 15-May-2019 15:49

Both my iMac and MacBook, as part of 10.14.5 came up with firmware updates which has:

Hyper-Threading Technology: Enabled

In 'System Information' along with an updated BootROM which makes wonder whether it has been patched with the new microcode as well. I haven't noticed any performance degradation but then again I really haven't stress tested it much since the update.

"When the people are being beaten with a stick, they are not much happier if it is called 'the People's Stick'"

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#2238441 15-May-2019 15:53

Worth keeping an eye on ARM and Intel but even with a 40% hit on everything Intel still win in thermal/power management in a rack

Tracer

343 posts

Ultimate Geek
+1 received by user: 151

#2239685 17-May-2019 08:56

PolicyGuy:

It is interesting to note that BSD has HYPErthreading turned off by default

OpenBSD does, because Theo decided it would be so. Other BSD distros like FreeBSD, macOS haven't done this.