Intel L1 Terminal Fault (L1TF) Chip Vulnerabilities: Patches, Fixes and Mitigation Strategies
Intel today publicly confirmed so-called L1 Terminal Fault (L1TF) chip vulnerabilities and associated mitigation strategies for the “highly severe” security holes. Microsoft, Red Hat, VMware and other system software vendors also delivered L1TF-related patches for various operating systems and virtualization software.
According to a blog post today from Leslie Culbertson, executive vice president and general manager of Product Assurance and Security at Intel, the L1TF issue:
“affects select microprocessor products supporting Intel® Software Guard Extensions (Intel® SGX) and was first reported to us by researchers at KU Leuven University*, Technion – Israel Institute of Technology*, University of Michigan*, University of Adelaide* and Data61*1. Further research by our security team identified two related applications of L1TF with the potential to impact other microprocessors, operating systems and virtualization software.”
L1 Terminal Fault (L1TF) Patches and Mitigation Strategies
Partners and customers can leverage Microcode updates (MCUs) — released earlier this year — to mitigate all three applications of L1TF, Intel says. Moreover, the chip giant is pointing partners and customers to operating system and hypervisor software patches that surfaced today. The chip giant said:
“When coupled with corresponding updates to operating system and hypervisor software released starting today by our industry partners and the open source community, these updates help ensure that consumers, IT professionals and cloud service providers have access to the protections they need.”
Microsoft, Red Hat, VMware: L1TF Patches
In terms of third-party vendors, Microsoft, Red Hat and VMware offered up these L1TF patches and mitigation strategies:
- VMware L1TF patches and fixes are here and here.
- Microsoft L1TF patches and fixes are described here.
- Red Hat L1TF patches and fixes are here.
Additional technical details about the L1TF issues are documented in this Intel video:
So far, Intel has not seen any of the L1TF attack methods leveraged in real-world exploits.
Avoiding Repeat of Meltdown, Spectre Vulnerability Missteps
Moreover, Intel’s communications about the L1TF issues appears far more timely, concise and clear compared to the company’s initial communications about the Meltdown and Spectre Vulnerability discoveries earlier this year. Intel was slow to communicate about Meltdown and Spectre; initially downplayed the potential risks associated with the vulnerabilities; and also downplayed the potential performance impact of associated patches.
Intel: Improved Communications
Among the key reasons for the improved communications: Intel formed a cybersecurity group, led by Culbertson, earlier this year to help ensure the chip giant coordinated its technical, marketing and communication teams to help discover, mitigate and communicate the status of key issues.