Last week it was revealed that certain Intel processors contain a new set of hardware vulnerabilities that allow hackers to exploit Intel’s speculative execution process, which helps improve a CPU’s speed and performance. Unfortunately, this optimization comes at a cost.
Called Microarchitectural Store Buffer Data (MDS), this series of vulnerabilities enables “speculative execution attacks”. In these attacks, a malicious app or guest virtual machine gains access to the data stored inside CPU buffers such as the load, store, and line fill buffers. This allows the attacker to bypass other security restrictions on the system.
- The bad news: The researchers who found the MDS bug say it likely affects all Intel CPUs released since 2011 – and as a result, Acronis Software-Defined Infrastructure could be exposed to an attack.
- The good news: As soon as the problem was identified, Acronis immediately developed a fix and updated SDI – so your data won’t be at risk once you’ve installed the update.
About the MDS vulnerabilities
The researchers who discovered the series of MDS attacks identified four Common Vulnerabilities and Exposures (CVEs):
- Microarchitectural Fill Buffer Data Sampling (MFBDS), CVE-2018-12130 – Dubbed ZombieLoad as well as RIDL, this is a side channel attack that focuses on a CPU’s fill buffers. This is a high-risk threat.
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM), CVE-2019-11091 – Another side channel attack that also takes aim at the CPU’s fill buffers, it is considered a moderate threat.
- Microarchitectural Store Buffer Data Sampling (MSBDS), CVE-2018-12126 – Also known as Fallout, it is a side channel attack that targets a CPU’s store buffers. It’s considered a moderate threat.
- Microarchitectural Load Port Data Sampling (MLPDS), CVE-2018-12127 – This is a side channel attack against a CPU’s load ports, and is also considered a moderate threat.
Of the four CVEs identified, the experts agree that the most dangerous is ZombieLoad. That’s because this attack is similar to threats like Meltdown and Spectre and has the greatest potential to capture the most data during an attack.
Mitigating the MDS vulnerability
When Acronis was alerted to the MDS issue last week, our engineers created a solution. After it passed the required tests and our strict QA criteria, we released the SDI update on May 22, 2019.
To implement this vital update to Acronis Software-Defined Infrastructure, go to the SETTINGS > UPDATE section of your admin panel. Once you select the update (Build 2.5U7-16502), a reboot will be required to complete the process.
Updated nodes will reboot automatically, one at a time. During the reboot, the storage service might be unavailable on cluster configurations without the redundancy of services or data.
Disabling Hyper-threading
It is important to note that fully correcting the MDS vulnerability is not possible unless users disable Intel’s Hyper-threading technology. The HT technology is designed to improve system performance by using two logical processors. Yet in an MDS attack, a malicious VM running on one thread can access the data on another thread.
Disabling the HT technology severely impacts system performance, however, so you’ll need to weigh the risk vs. reward.
In the event you want to disable the HT technology, you can either disable SMT in the system BIOS or pass the ‘nosmt’ flag as a kernel boot parameter in the GRUB configuration file.
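To confirm what a node actually reports after the update and after any SMT change, the added example below (not Acronis code) reads the Linux kernel's MDS status line, the SMT control state, and the boot command line, and classifies the result. It assumes the node runs a Linux kernel that exposes these sysfs files; the function names and verdict labels are hypothetical.

```shell
#!/bin/sh
# Added example: classify MDS exposure from the kernel's own reporting.
# Assumption: the node exposes the standard Linux sysfs/procfs files below.

# classify_mds <line from /sys/devices/system/cpu/vulnerabilities/mds>
# Prints one verdict word (labels are this example's own).
classify_mds() {
    case $1 in
        "Not affected"*)                  echo not-affected ;;
        "Mitigation:"*"SMT disabled"*)    echo mitigated ;;
        "Mitigation:"*"SMT mitigated"*)   echo mitigated ;;
        # Buffer clearing is active, but a sibling thread can still sample data.
        "Mitigation:"*"SMT vulnerable"*)  echo smt-exposed ;;
        # Typical inside a guest: the host's SMT state is not visible.
        "Mitigation:"*)                   echo host-smt-unknown ;;
        "Vulnerable"*)                    echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# has_nosmt <kernel command line>: succeeds if SMT is disabled at boot.
# Matches whole parameters only, so "nosmtx" or "foo=nosmt" do not count.
has_nosmt() {
    case " $1 " in
        *" nosmt "*|*" nosmt=force "*)                      return 0 ;;
        *" mds=full,nosmt "*|*" mitigations=auto,nosmt "*)  return 0 ;;
    esac
    return 1
}

# read_first <file>: first line of the file, or "unavailable".
read_first() {
    [ -r "$1" ] && head -n 1 "$1" || echo "unavailable"
}

# Report for the machine this script runs on.
mds_line=$(read_first /sys/devices/system/cpu/vulnerabilities/mds)
smt_ctl=$(read_first /sys/devices/system/cpu/smt/control)
cmdline=$(read_first /proc/cmdline)

echo "mds status  : $mds_line"
echo "smt control : $smt_ctl"
echo "verdict     : $(classify_mds "$mds_line")"
if has_nosmt "$cmdline"; then
    echo "boot flag   : SMT disabled on kernel command line"
else
    echo "boot flag   : no nosmt parameter on kernel command line"
fi
```

A verdict of `smt-exposed` on a patched node means the buffer-clearing mitigation is in place but Hyper-threading is still enabled, which is the residual risk described above.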
Keeping your data and system protected
Modern technology moves at a break-neck pace, yet it often seems that by solving one challenge in computing (like improving processing speed), a new issue can arise. Sometimes those are incidental, while others pose more serious threats to your data’s safety, accessibility, privacy, authenticity, and security.
Acronis understands the challenges that can be created accidentally, which is why we are committed to protecting all data, apps, and systems with cyber protection solutions that are easy, efficient and secure.
Ensuring the effectiveness and security of those services means acting quickly to close loopholes when the supporting technology our solutions run on has issues. In the case of the MDS bug, you can be sure your data will be safe once the new update is applied.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.