ZombieLoad exploit lets hackers steal data from Intel CPUs

Thank heavens it's not Chinese or it would have been a backdoor.

So Intel CPUs just keep getting slower. I don't really see the problem with this when with the architecture design you were always able to access the whole address space from any program.
 
I believe The Register said something about 5-30% slowdown back in 2018. Best and worst case was between 17-23%. None of which I have experienced to date, so I don't know to which Intel processors this, precisely, applies. I have an i7-4790 running with no slowdown and I know someone with an i7-6700K also with no slowdown. Benchmarks and real-time use don't really illustrate these slowdowns...
 
Security is not my strong point. That much I will admit.

Anyone care to explain how one would go about using this?

Let's say I want your banking credentials and I know the company did not patch this yet. I know their public IP, which port do I connect to?
 
Or I can connect to their internal LAN, I have no domain rights let alone full admin rights. I know the server IP, how do I get to the "information"?
 
Or I can connect to their internal LAN, I have no domain rights let alone full admin rights. I know the server IP, how do I get to the "information"?
No, this is not that kind of "hack"...

You would need physical access to the machine in question to install software to exploit this attack generally...
 
I believe The Register said something about 5-30% slowdown back in 2018. Best and worst case was between 17-23%. None of which I have experienced to date, so I don't know to which Intel processors this, precisely, applies. I have an i7-4790 running with no slowdown and I know someone with an i7-6700K also with no slowdown. Benchmarks and real-time use don't really illustrate these slowdowns...

Do you actually have any patches installed?
 
Do you actually have any patches installed?
OS patches, yes. The latest patch is supposed to hit the Intel CPUs with up to 40% slowdown. These slowdowns must apply to certain workloads. I don't even see this, to this great extent, in enterprise environments and this is with varying workloads.

I read earlier that Apple is recommending to disable hyper-threading.

What I'm saying is, it will be hard to determine 1-5% slowdowns due to varying workloads, but I haven't experienced this on my own 3 PCs, nor have I experienced noticeable slowdowns greater than 5% in other environments, because unique workloads will have to be tested to make a proper conclusion.

The Intel CPUs I use are an i5-4460, an i7-4790 and an i7-4710HQ.
 
Did you manually install them or are you assuming MS installed them for you? What I'm basically asking is can you verify that you have the patches?
The OS patches, yes, but not the microcode updates, which aren't available in my case anyway.
 
Security is not my strong point. That much I will admit.

Anyone care to explain how one would go about using this?

Let's say I want your banking credentials and I know the company did not patch this yet. I know their public IP, which port do I connect to?
That's just it, you don't go about "connecting" to any port. For it to work you need to have a program running already on the machine so it's already been compromised. The only instance this will have an effect again is with VMs and virtual servers in breaking into the other instances.
 
That's just it, you don't go about "connecting" to any port. For it to work you need to have a program running already on the machine so it's already been compromised. The only instance this will have an effect again is with VMs and virtual servers in breaking into the other instances.

But if you have no access to the VM or domain access? Or will this be sending an email to the user to click the link to download the program, which then gives you the backdoor needed?
 
https://www.microsoft.com/security/...-and-meltdown-mitigations-on-windows-systems/

Performance
One of the questions for all these fixes is the impact they could have on the performance of both PCs and servers. It is important to note that many of the benchmarks published so far do not include both OS and silicon updates. We’re performing our own sets of benchmarks and will publish them when complete, but I also want to note that we are simultaneously working on further refining our work to tune performance. In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact.

Here is the summary of what we have found so far:

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.

You will generally be okay with Skylake or newer. AMD is also still vulnerable to Spectre, but Zen2 and Intel’s Ice Lake will be Spectre immunised. I would like to know which benchmarks they are utilising to determine the slowdowns.

This is the only benchmark video in regards to games on the Meltdown/Spectre topic:


Then according to some media outlets, KB4494441 is supposed to hit your Intel CPU with an up to 40% degradation.
 
But if you have no access to the VM or domain access? Or will this be sending an email to the user to click the link to download the program, which then gives you the backdoor needed?
Yeah that's exactly it. You need to find another exploit first to get access to the machine. But then in that case you could do a lot more and I wouldn't even bother with this. The only place it's of any real value is to load a program onto a VPS in order to access the other instances running on the same machine.
 
Then according to some media outlets, KB4494441 is supposed to hit your Intel CPU with an up to 40% degradation.

The 40% number is from Apple and that is the performance hit when disabling hyperthreading, as this is likely the safest option if you're trying to run a very secure ship.
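
Added example, not part of any post in this thread: the three things argued about above (OS patch, microcode update, hyper-threading) can be checked separately on a Linux host, where the kernel reports the status of the MDS class that ZombieLoad belongs to in one sysfs line. It assumes a Linux machine rather than the Windows PCs the posters describe; the function names are made up for this example and the sample lines are constructed in the formats the kernel documentation lists.

```python
from pathlib import Path

# Linux kernels that know about MDS (ZombieLoad's class) report status here.
MDS_STATUS_FILE = "/sys/devices/system/cpu/vulnerabilities/mds"

def classify_mds(status):
    """Split one mds status line into OS mitigation, microcode and SMT state."""
    parts = [p.strip() for p in status.strip().split(";")]
    head = parts[0]
    smt = next((p for p in parts[1:] if p.startswith("SMT")), None)
    report = {"affected": head != "Not affected", "buffer_clearing": False,
              "microcode": None, "smt": smt, "todo": []}
    if not report["affected"]:
        return report
    # True when the kernel clears (or at least attempts to clear) CPU buffers.
    report["buffer_clearing"] = "Clear CPU buffers" in head
    if head.startswith("Mitigation"):
        report["microcode"] = True
    elif "no microcode" in head:
        # OS patch present, but the CPU firmware lacks buffer-clearing support.
        report["microcode"] = False
        report["todo"].append("install CPU microcode update")
    else:
        report["todo"].append("enable the kernel MDS mitigation")
    if smt == "SMT vulnerable":
        # Sibling hyper-threads share the buffers even when clearing is on.
        report["todo"].append("disable SMT if untrusted code runs on this host")
    return report

def read_local_status(path=MDS_STATUS_FILE):
    """Return this machine's status line, or None if the file is not there."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None

# Constructed sample lines, not captured from any real machine.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
]

if __name__ == "__main__":
    for line in [read_local_status()] + SAMPLES:
        if line is not None:
            print(line, "->", classify_mds(line)["todo"] or "nothing to do")
```

The third sample is the "OS patches, yes, but not the microcode updates" situation: the kernel attempts the buffer clearing, but it is only effective once the microcode is in place.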
 