Watch out – ZombieLoad attack

Academics recently discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. The leading attack in this new vulnerability class is a security flaw named ZombieLoad.

The ZombieLoad attack allows stealing sensitive data and keys while the computer accesses them. While programs normally only see their own data, a malicious program can exploit the fill buffers to get hold of secrets currently processed by other running programs. These secrets can be user-level secrets, such as browser history, website content, user keys, and passwords, or system-level secrets, such as disk encryption keys.

But the attack does not only work on personal computers but can also be exploited in your datacenter and in the cloud. Zombieload is exploited by taking advantage of the speculative execution process, which is an optimization technique that Intel added to its CPUs to improve data processing speeds and performance.

IRIS Professional Solutions can help you by executing a healthcheck of your environment:

vSphere evaluation
Firmware assessment
Windows patching

Based upon the outcome appropriate actions can be taken to guarantee the safety of your IT environment & data.

So don’t hesitate to contact us if you’re having doubts, questions or if you’re in need of extra information.