Microsoft fixes Intel ZombieLoad bug with Patch Tuesday updates

In this 2019 Patch Tuesday release, Microsoft fixed 79 vulnerabilities, 19 of which are classified as Critical. Here is a summary of the most notable ones.


The update addresses a logic flaw in the processor (CVE-2018-12130) that could allow computer programs to steal each other's data.

Discovered by researchers from the Technical University of Graz and KU Leuven, the attack can read data across different threads, which are separate programs running on the same physical processor core.

ZombieLoad is a Microarchitectural Data Sampling (MDS) vulnerability and shares some characteristics with Spectre and Meltdown, the two side-channel attacks announced in January 2018. It is a flaw in Intel processor hardware, which means it affects all operating systems that run on x86 chips, including Windows. It abuses the speculative execution feature of Intel processors to steal data from other programs. As Microsoft explained in the note accompanying the patch:

In shared resource environments (as they occur in some cloud service configurations), these vulnerabilities can allow one virtual machine to improperly access information from another.

The attack affects both desktop and server-based systems, although it is not trivial to exploit: an attacker would need to run a malicious app on the target system.

The Microsoft patch joins other fixes from companies such as Apple and Google. It provides a software mitigation until Intel fixes the bug in future processor releases. The patch is unlikely to affect performance on consumer systems, the advisory said.

As with the software fixes for Spectre and Meltdown, the people who will feel a performance hit from the software patch are server customers. Microsoft says that, to get full protection, server administrators must fully disable the Hyper-Threading functionality that the attack exploits.

Windows Server

Microsoft has included several fixes for critical vulnerabilities that allow an attacker to execute code remotely on a target system. These include CVE-2019-0725, a vulnerability in the Windows Server DHCP server.

With CVE-2019-0708, an attacker can send specially crafted packets to Remote Desktop Services on Windows Server to execute code on the system, even without being authenticated to it. CVE-2019-0708 is so serious that Microsoft has even issued patches for its long-unsupported operating systems, Windows 2003 and XP.

Read more in our accompanying article about the possible consequences, affected systems and mitigations for this remote, 'wormable' Windows vulnerability.

Another patch fixes CVE-2019-0903, a flaw in the Windows Graphics Device Interface (GDI) of Windows Server that allows an attacker to execute code through a malicious website or file.