
Intel Reveals New Spectre-Like Attack, Advises Disabling Hyper-Threading

Intel unveiled yet another speculative execution side-channel flaw in its processors. The vulnerability affects most of the company’s processor SKUs, except the 8th and 9th generation chips, which Intel said include hardware mitigations against this flaw.

Microarchitectural Data Sampling in Intel Chips

The Microarchitectural Data Sampling (MDS) issue is a speculative execution side-channel attack that may allow malicious actors to locally execute code in order to extract sensitive data that would otherwise be protected by Intel processors’ architectural mechanisms.


According to Intel, four CVEs were assigned to this flaw in Intel’s processors, including:

  • CVE-2018-12126 Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12130 Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12127 Microarchitectural Load Port Data Sampling (MLPDS)
  • CVE-2019-11091 Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Significant Changes to Operating Systems, Core Software Are Required

Intel believes that in order to protect users against this speculative execution issue, Microsoft and other operating system vendors, hypervisor vendors, as well as Intel itself will need to implement significant changes in their software. The solution will involve clearing microarchitectural buffers when switching to software that is not trusted by the previous software.

For instance, every time a processor would switch from one third-party app to another, from a Windows process to a third-party app, or even from less trusted Windows processes to more trusted ones, the buffers would have to be cleared or overwritten. Adding such a significant step in the processing software will most likely lead to a performance loss. How large or small, it remains to be seen, but chances are it could be on the significant side.

Intel Recommends Disabling Hyper Threading

The company admitted in its white paper that the software mitigations will have a significant effect on how HT works. The threads will need a higher level of isolation between each other, and they will not be able to run processes from different security domains anymore. Threads from different security domains will simply become idle (thus turning into wasted processing power).

Image credit: Intel


It seems that with every other speculative execution attack, Intel’s Hyper Threading becomes either less secure or slower. Intel itself seems to be moving away from Hyper Threading lately on some of its best CPUs, even in the face of AMD competition with both higher number of cores and simultaneous multithreading (SMT) support at similar price points.

Intel has also been publicly reluctant to agree with the disabling of HT when others have called for it with the discovery of some previous CPU flaws, but in its paper, the company stated that disabling HT altogether may be warranted as protection against MDS attacks.

Despite all of these drawbacks, Intel did mention in the white paper that these software mitigations are highly recommended, despite the vulnerabilities being classified only low to medium severity.

Intel noted that future processors will have data sampling methods mitigated in hardware. Some of the company’s current chips could also enable similar mitigations, but only after a microcode update has been loaded. In other words, you’ll rely on your motherboard maker or laptop maker to deliver that update to you, before you can benefit from this mitigation.

Affected Processors

Virtually all of Intel’s chips starting with the Nehalem architecture (launched in 2008, 11 years ago) and newer, with the exception of the Whiskey Lake (ULT refresh), Whiskey Lake (desktop), as well as the Atom and Knights architectures, are affected by the MDS vulnerabilities.

What this tells us is not only that there are now multiple speculative execution attacks against Intel’s processors, or that there will be more to come until Intel applies a more significant overhaul to its architecture, but that most of these chips will likely never be patched against this flaw and others like it. Motherboard and laptop OEMs tend to update only their most recent products, so the majority of systems sold in the past 11 years will likely remain vulnerable.

Those that do get the patches shouldn’t necessarily consider themselves that much luckier either, as the performance loss after the patches are applied could be significant. Those who buy the new Intel chips starting with Whiskey Lake refresh and later should see a much lower performance loss as well as the security protection from the built-in hardware mitigations, at least until a new speculative execution attack appears that can bypass the new mitigation.

Intel has provided more information about the MDS flaws, including about how to get the software patches, on its website.
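
As an added example (not part of the original post or of Intel's material): on Linux, the kernel reports the three things discussed above, buffer clearing, microcode support and Hyper-Threading (SMT) exposure, in a single sysfs status line. The sketch below parses that line; the path and status strings are the Linux kernel's, the sample inputs are constructed, and the function names are hypothetical.

```python
from pathlib import Path

# Linux sysfs file that reports MDS state (path and status strings follow the
# kernel's MDS admin guide; this interface is not mentioned in the post above).
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines in the kernel's format, so the example runs anywhere.
SAMPLES = [
    "Not affected",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]


def parse_mds_status(line):
    """Split one status line into buffer-clearing, microcode and SMT state."""
    main, _, smt = line.strip().partition(";")
    main, smt = main.strip(), smt.strip()
    return {
        "affected": main != "Not affected",
        "buffers_cleared": main == "Mitigation: Clear CPU buffers",
        # The kernel attempts the clear, but the CPU lacks the microcode for it.
        "microcode_missing": "no microcode" in main,
        "smt": smt[4:].lower() if smt.startswith("SMT ") else None,
    }


def assess(line):
    """Map a status line to the next step an administrator should take."""
    s = parse_mds_status(line)
    if not s["affected"]:
        return "ok: CPU not affected"
    if s["microcode_missing"]:
        return "action: install the microcode update"
    if not s["buffers_cleared"]:
        return "action: enable the buffer-clearing mitigation"
    if s["smt"] not in ("disabled", "mitigated"):
        # Buffers are cleared on context switch, but a sibling thread may sample them.
        return f"residual: SMT state is {s['smt']}"
    return "ok: mitigated"


if __name__ == "__main__":
    try:
        lines = [MDS_SYSFS.read_text()]  # real status on a Linux host
    except OSError:
        lines = SAMPLES  # fall back to the constructed samples
    for line in lines:
        print(f"{line.strip()!r:75} -> {assess(line)}")
```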
 
Intel is planning to release microcode updates to mitigate these potential vulnerabilities for Sandy Bridge (2nd gen) and newer.

And remember, HT off = extra 200 MHz for your overclock, and lower core temperatures. ;)
 
Ryzen is affected by MDS according to Windows 10 with the latest cumulative update from today.

 
Ryzen is affected by MDS according to Windows 10 with the latest cumulative update from today.

They (Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle) have tested Ryzen and Ryzen is not affected. ;)
 
Just got a microcode update notice in Ubuntu... declined it for now. Anyone else get this?
firmware.png
 
I am really starting to regret buying my 8700K right about now. These Intel chips are turning out to have more security holes than Internet Explorer.
 
I don't know why people are laughing, I'm serious here. How many more of these kinds of exploits are there just waiting to be found?

I'll leave you with that nightmare of a question.
 
I don't know about you guys but I'm kinda sensing that Intel released this on purpose. All older gens are affected except newer gen like 9th and 8th. It's like telling you to go with the new gen processors from Intel cause these don't have that vulnerability. Especially if the older generations aren't getting any fix. Also this HT disabling which is going to help. Another way to say that processors don't need it since it causes problems. Scare you off so that you won't wait for anything new coming up and you get the processors now. Why now Intel decided to say this? Because Zen2 is just around the corner and Intel wants to boost sales a bit more before that happens?
Maybe it's just an impression but that's what I get out of it.

I am really starting to regret buying my 8700K right about now. These Intel chips are turning out to have more security holes than Internet Explorer.
Why regret? 8th gen is not affected. At least it's not affected by this vulnerability.
 
I kind of envy the Intel sheeple herd. They just received the most harrowing news on that marketing badge, yet they aren't deterred.
 
They (Austrian university TU Graz, Vrije Universiteit Amsterdam, the University of Michigan, the University of Adelaide, KU Leuven in Belgium, Worcester Polytechnic Institute, Saarland University in Germany and security firms Cyberus, BitDefender, Qihoo360 and Oracle) have tested Ryzen and Ryzen is not affected. ;)
Somebody needs to let Microsoft know Ryzen isn't vulnerable.
 
Just got a microcode update notice in Ubuntu... declined it for now. Anyone else get this?
firmware.png

Using a Ryzen 2600 here with Kubuntu 18.10, and yes this update has come through to me too:

intel-microcode-update.png
 
all mitigation in place, microcode updated by windows update, all is well, no performance impact whatsoever

05152019-133630.jpg
 
all mitigation in place, microcode updated by windows update, all is well, no performance impact whatsoever

Are you sure there's no performance impact? You are comparing your CPU to a 7980 which has half the cores and threads and lower clock speed and yet yours is still behind in single-thread and a tad faster in multi-thread bench.
I'm just pointing this out I'm not sure if these should have been the correct values for your Xeon.
 
all mitigation in place, microcode updated by windows update, all is well, no performance impact whatsoever
May I ask what values you have set for the following Registry settings?

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management | Value Name: FeatureSettingsOverride
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management | Value Name: FeatureSettingsOverrideMask
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization | Value Name: MinVmVersionForCpuBasedMitigations

Because I can't get MDSWindowsSupport to be enabled to save my life. According to Microsoft's own Intel Microcode Page (KB4465065) I have the latest microcode patch installed. So with that said, my system is vulnerable to this crap.
 
There are a few issues that always seem to elude those, or are just ignored by those ready to pounce on Intel (or whichever giant in their respective industry) has some new flaw or vulnerability discovered.

Just because a vulnerability is discovered,
  • That does not mean a bad guy can waltz past, totally undetected, all the other hardware and software defenses in our networks and on our computers,
  • But if they somehow are able to bypass all other defenses, it does not mean it is a simple process to exploit that vulnerability (plant the malicious code) while remaining undetected,
  • Then use that exploited vulnerability (activate the malicious code) to compromise our computers or harvest our data, again remaining undetected,
  • Then be able to "phone home" with that information, or use that computer for nefarious deeds while still remaining undetected.

There is no reason to assume there are not undiscovered vulnerabilities in processors made by AMD, NVIDIA, Qualcomm, Motorola, Via, etc. That is, there is no reason to assume if you buy a Ryzen that there are no vulnerabilities (known or yet to be discovered) to be exploited by bad guys.

For the record, this has a severity rating of "Medium" - below "High" and "Critical". And more importantly, patches have already been released, are in production, or are planned for all processors Intel currently sells or are still on the market and even for most processors still in the field (source: Intel Microcode Update PDF - note the 8700K is on the list).

I don't know about you guys but I'm kinda sensing that Intel released this on purpose. All older gens are affected except newer gen like 9th and 8th. It's like telling you to go with the new gen processors from intel cause these don't have that vulnerability.
What do you expect them to say? "Some processors may have this vulnerability" then leave it at that keeping everyone guessing which processors? :kookoo:

I am not saying this isn't bad, it is. And it is not just another ho-hum vulnerability. But it is not the end of the world either.

If you run without being behind a router, without running any anti-malware or firewall protection and you don't keep Windows current, cut your Ethernet cables and panic. Otherwise, I recommend leaving the OS alone. Don't start making changes to the Registry. Let Intel and OS makers do their thing - they are already on it.
 
What I would love to know is when the class action lawsuit against Intel will start. Granted, the only people who would truly benefit are the lawyers; meanwhile the rest of us poor slobs would get a token $10 check in the mail.
 
@trparky :
To your question, you need to run 1903, as these settings are already enabled in the latest cumulative; the microcode was released today. If you don't find it, or it is not included in it, Windows won't enable the mitigation.
 
I'm still on Windows 10 1809 and I have no intention to upgrade to 1903 until a month after the release just in case Microsoft screwed the pooch again. As for the firmware update, where did you get it?
 
I'm still on Windows 10 1809 and I have no intention to upgrade to 1903 until a month after the release just in case Microsoft screwed the pooch again. As for the firmware update, where did you get it?

I've been on 1903 for at least 6 weeks now, and I have noticed zero problems.
 
I did not get a firmware update; I got the Microsoft Intel microcode update for Windows. It is a KB with descriptions of supported CPUs, and hence firmware is not needed. Google it for your OS, 1809.
 
There are a few issues that always seem to elude those, or are just ignored by those ready to pounce on Intel (or whichever giant in their respective industry) has some new flaw or vulnerability discovered.

I have yet to find, and keep asking for, links to a "look what happened here" story related to these vulnerabilities. None so far.
 