A trio of issues, codenamed ZombieLoad, RIDL, and Fallout, have been announced by the same researchers who discovered the Meltdown vulnerability last year.
These vulnerabilities are similar in nature to Meltdown and Spectre, which involve some level of side-channel attack and affect Intel processors. They allow sensitive information stored in memory to be read, and they allow processes to read information outside of virtualized containers.
These issues can be patched through application, operating system, and microcode patches. Microsoft, Apple, and Chrome OS, among others, have released patches for MDS (RIDL and Fallout).
For side-channel-based attacks like these, we rely on application and operating system version information to determine whether someone is likely affected. Refer to the Desktop Software risk vector to determine whether a system is affected at the operating system level.
Third Party Risk Management
To see if a company in your portfolio is potentially affected:
- Go to your portfolio and use the Software filter.
- Select Unsupported.
- Include OS X, Windows, and Chrome operating systems.
- Collaborate with your third parties in the results to get their desktop software updated and to ensure they are no longer potentially affected.
Security Performance Management
To see if your organization is potentially affected, search in the Details for “unsupported operating system” within your Desktop Software findings.