Remember the news about the Intel Meltdown and Spectre chip vulnerabilities that emerged last year? Remember all the panic and the patches? Well, get ready because you’re about to go through all of that again with the latest Intel chip vulnerability.
This one has a lovely nickname all its own, called ZombieLoad. It’s pretty serious and it reportedly affects every Intel chip since 2011. Chances are your clients are running computers with Intel chips in that time period.
It’s a crazy thing, but what’s really crazy is your clients are going to come to you looking for advice. They are going to see the scary headlines about the chip vulnerability that enables hackers with the right skills to steal secrets from your computers and they are going to want to know how to handle it (or maybe they won’t and it’s up to you to tell them).
TechCrunch’s (where I also write) security editor, Zack Whittaker described how the vulnerability works in an article last week:
ZombieLoad takes its name from a “zombie load,” an amount of data that the processor can’t understand or properly process, forcing the processor to ask for help from the processor’s microcode to prevent a crash. Apps are usually only able to see their own data, but this bug allows that data to bleed across those boundary walls. ZombieLoad will leak any data currently loaded by the processor’s core, the researchers said. Intel said patches to the microcode will help clear the processor’s buffers, preventing data from being read.
Patches, STAT!
To help your clients through this latest chip crisis, your job will be to act as a psychologist and a trusted adviser. As you might expect, the onslaught of patches has begun and you must install them to keep them safe.
You also have to watch for new patches and monitor the news cycle for whatever is coming next, because from the sounds of things, this might not be the end of it. As Intel and other chip companies have pushed for more powerful chips, they made some compromises to achieve that, leaving vulnerabilities in their wake.
You would be hard-pressed to find anyone who is happy about this situation. Your CPU is your CPU, it’s not like you can just swap it out for a safer model. Unfortunately, there aren’t going to be any easy answers and you probably have to live with this situation for the time being. In the meantime, watch for patches and guide your clients as best as you can.
Photo: Mau47 / Shutterstock