BitDefender is a security firm in Romania, and its researcher have recently found a major vulnerability that poses a risk in Intel processors. The vulnerability creates an opening for attackers to gain access to information that is otherwise “off limits” for applications, referred to as privileged kernel-mode information. According to reports from The Next Web, there has already been an exploit that has worked on the Ivy Bridge, Haswell, Skylake, and Kaby Lake processors from Intel called microarchitectural data sampling (MDS).
Though there have been other vulnerabilities to show themselves, this is just the most recent CPU-level vulnerability that has been found with the processors with Intel. Last year, the Spectre and Meltdown bugs were found, which exposed vulnerabilities in features that were connected directly to certain parts of the memories. As far as Intel announced, the issues were managed with changes to the software and microcode patches.
Luckily, BitDefender pointed out that the issues that it just discovered can be partially resolved with the implementation of microcode patches. Working with Intel and other partners, the company added that the protections against vulnerabilities can be added at the hypervisor level. However, actually fixing the problem, as BitDefender says, is “impossible.” The actual problem itself is found in a flaw in the hardware flaw. The only way for customers to actually protect themselves is to basically add a redesigned chip to their Intel silicon.
To understand the impact this vulnerability creates, The Next Web broke down a little background on this technology. Permissioned is often broken down into “rings” with modern CPUs, and the CPUs from Intel has four rings. The rings with higher numbers will have the least access to the system. While Ring 0 is called “kernel mode,” featuring the memory to a CPU and the execution of CPU instructions, Ring 3 is considered the “user mode” with almost no access to computer hardware.
With the ring system, multi-tenant computing is possible, though the applications will not have access to the underlying system. This vulnerability is an opportunity for an attacker, allowing them to launch attacks that give them system-level privileges and make it easy to go after customers with a shared host.
Many business customers have decided to use cloud-based hosting, rather than dedicated servers, for a multitude of reasons. The Next Web specifically brings up difficulties with cost and scalability as possible causes for the movement. Anything that could throw a wrench in the cloud computing industry stands to push the whole digital economy into a chaotic state.
Regardless of how Intel handles the issue, the fact remains that this news is hardly optimistic for the company or the digital sector, considering the drive for cost-efficient and scalable computing power. Perhaps the vulnerability will push other players like Google and Microsoft to protect their own customers.
So far, Intel has not responded to requests from The Next Web for a statement on the matter. Amazon and Google replied by directing the publication to their security bulletins that offer guidance to customers, while Microsoft and Heroku have yet to reply.
The whitepaper for BitDefender can be found here: https://www.bitdefender.com/files/News/CaseStudies/study/257/Bitdefender-Whitepaper-YAM-en-EN.pdf.