How to Patch the Intel MDS Bug: A Complete Guide

  • Home
  • News
  • How to Patch the Intel MDS Bug: A Complete Guide
Comprehensive Guide to Mitigating the Intel MDS Bug: Protect Your Systems from ZombieLoad, Fallout, and RIDL

Thanks to a mistake, the VU (Vrije Universiteit Amsterdam) revealed a significant breach in Intel chips. New vulnerabilities, known as the Intel MDS bug (Microarchitectural Data Sampling), have been discovered in Intel hardware. These vulnerabilities, also referred to as ZombieLoad, Fallout, and RIDL, allow attackers to read almost any confidential data without additional rights. Although difficult to execute, a skilled attacker could use these flaws to read memory from a virtual or containerized instance or the underlying host system.

Understanding the Impact of the Intel MDS Bug

The Intel MDS bug poses a serious security threat. To mitigate these vulnerabilities, there is no known complete solution other than applying vendor software updates combined with hardware OEM-provided CPU microcode/firmware or using non-vulnerable microprocessors. All users should apply vendor solutions to patch their CPUs and update the kernel as soon as patches are available. Disabling SMT for affected systems will reduce some of the attack surface but will not completely eliminate all threats from these vulnerabilities.

Steps to Mitigate the Intel MDS Bug

To mitigate the risks introduced by the Intel MDS bug, systems need updated microcode, updated kernels, and virtualization patches. Administrators must evaluate if disabling SMT/HT is the right choice for their deployments. Enabling or disabling “hyper-threading” always takes place on the physical server or hypervisor. However, if a cloud provider is used, there is no influence other than checking with the provider. The problem is that switching off hyper-threading has a negative impact on performance.

Cloud Providers and the Intel MDS Bug

According to Amazon Web Services, their infrastructure is already protected: “AWS has designed and implemented its infrastructure with protections against these types of bugs and has also deployed additional protections for MDS. All EC2 host infrastructure has been updated with these new protections, and no customer action is required at the infrastructure level.

Updates and Patches for the Intel MDS Bug

For many platforms, kernel upgrades are now available, as well as microcode updates for the affected CPUs. Both the hypervisors and the virtual servers must be provided with updates to protect against the Intel MDS bug.

The Intel MDS bug is a critical vulnerability that requires immediate attention. By applying the necessary updates and patches, and considering the impact of disabling SMT, users can protect their systems from these severe security threats.

Updates: Red Hat Enterprise Linux
Updates: CentOS Linux

Kernel updates:

Microcode updates:

Updates: Amazon Linux

Kernel updates:

Updates: Ubuntu Linux
Updates: Debian Linux

Kernel updates:

Microcode updates:

Updates: VMware Hypervisor

Leave A Comment

Your email address will not be published. Required fields are marked *

Cookies Consent
Cookies Consent

We use cookies to enhance your browsing experience. By clicking "Accept", you consent to the use of all cookies.

Learn more
en_USEnglish