Guidance to mitigate Microarchitectural Data Sampling (MDS) vulnerabilities

MDS

On 14th May 2019, Intel published information about a new subclass of speculative execution side-channel vulnerabilities known as Microarchitectural Data Sampling.

Below is a table of the four CVEs associated with MDS attacks, which includes acronyms and associated names.

CVE	Name	Acronym	Named Vulnerability
CVE-2018-12126	Microarchitectural Store Buffer Data Sampling	MSBDS	Fallout
CVE-2018-12127	Microarchitectural Load Port Data Sampling	MLPDS	RIDL
CVE-2018-12130	Microarchitectural Fill Buffer Data Sampling	MFBDS	ZombieLoad
CVE-2019-11091	Microarchitectural Data Sampling Uncacheable Memory	MDSUM	RIDL

Mitigation

For more information around mitigation click the appropriate OS below

Windows

Debian

Ubuntu

Centos / RedHat

Verification

Windows

Installing / Updating the Get_SpeculationControl Module

* Start a PowerShell Terminal with administrative rights.

* Check if the Speculation Module is installed -

Get-Module -ListAvailable -Name SpeculationControl

* If not installed do the following -

Windows 2008, 2012, 2016 and 2019

install-package -name nuget

Install-Module SpeculationControl

Import-Module SpeculationControl

* If already installed ensure you have the latest version -

Update-Module SpeculationControl

Running the Get-SpeculationControl Module

* At the PowerShell prompt

Get-SpeculationControlSettings

Information on understanding the output is detailed here

Linux

* Start a Terminal
* Run the following command -

grep . /sys/devices/system/cpu/vulnerabilities/*

Information on understanding the output is detailed here

Last updated 17 May 2019, 11:32 GMT

Microarchitectural Data Sampling (MDS)

Guidance to mitigate Microarchitectural Data Sampling (MDS) vulnerabilities

Mitigation

Windows

Debian

Ubuntu

Centos / RedHat

Verification

Windows

Linux

Microarchitectural Data Sampling (MDS)

01483 608 010

Live Chat

Chat Offline

New Support Ticket