Intel MDS ‘ZombieLoad’ Vulnerability: Software Patch List for MSSPs

Intel, MSSPs and IT departments are racing to patch ZombieLoad, a newly defined chip vulnerability also known as microarchitectural data sampling (MDS). The bug is similar to 2018's so-called Meltdown and Spectre flaws -- which are vulnerable to side-channel attacks.

Bitdefender senior researchers apparently discovered the MDS vulnerability in August 2018 but details weren't shared publicly until May 14, 2019.

SonicWall CEO Bill Conner
SonicWall CEO Bill Conner

Cyber criminals could leverage the Intel MDS vulnerability "to ‘pick locks’ within highly secured data centers, servers, server farms as well as cloud environments undetected and wreaking havoc," according to SonicWall CEO Bill Conner.

MDS security patches are widely available from:

Intel chips released in 2019 already contain a fix for the bug, Reuters notes. But previous generations of chips will need to be patched, and in some instances of that fix could slow chip performance by as much as 19 percent, the report points out.

Another Path to Proper Security

Further complicating matters, software patches can take considerable time to properly test and deploy across enterprise systems -- especially for MSSPs and channel partners that manage multiple customers.

Amid that reality, several MSSP-friendly security companies were one step ahead of the ZombieLoad threat. SonicWall, for one, developed its Real-Time Deep Memory Inspection (RTDMI) technology to proactively protect customers against these very types of processor-based exploits as well as PDF and Office exploits never before seen, Conner says.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.