Not The Best Day To Have Intel Inside
Two Old Flaws And A Fix In The Headlines
If you use Intel PMxDrv drivers, for integration with software such as LabVIEWTM, DIAdem, MLab your own inhouse .NET API you had better patch as soon as you can! Three months ago Eclypsium discovered several vulnerabilities in third party Windows drivers, two of which were announced along with the patches for them, however a third was not disclosed until today as the fix took a bit of time to develop. The vulnerability does require physical access to a machine, however it allows even the lowest level accounts to take advantage of the vulnerability to gain access to the Windows kernel and install whatever strikes their fancy it what should be the most protected area of your OS.
Following that news was the announcement of a hitherto unknown ZombieLoad eavesdropping technique, which can be exploited even on fully updated processors with TSX and TAA mitigations and on chips built to be immune to Meltdown and Foreshadow. As with the original Zombieload, this vulnerability allows hackers to lift sensitive data from the CPU store, fill, and load buffers, though thankfully they cannot target specific buffers. According to the story at The Register, this was known to Intel which is why they were able to provide microcode updates for Core and Xeon processors with TSX functionality. Thankfully for enthusiasts Whiskey Lake, Coffee Lake-R, and Cascade Lake-SP are not vulnerable at all, and we have yet to see malware making use of Zombieload in the wild so the patches are preventative measures as opposed to mitigating active attacks.
Intel did have some good news for AI developers, as today they revealed details on their Nervana Neural Network Processors, specifically the NNP-T1000 and NNP-I1000. The NNP-T1000 will be for those developing machine learning applications, and the NNP-I1000 is designed for IoT and Cloud applications. You can take a look at more details here.
It is worth noting that these are not remotely exploitable flaws: hackers need to already be running code locally in order to get at the vulnerable drivers.