Today, Intel released a statement regarding Microarchitectural Data Sampling (MDS) - also referred to as ZombieLoad - a significant security vulnerability that affects cloud providers with multi-tenant environments, including GearHost. Left unmitigated, this vulnerability could allow sophisticated attackers to gain access to sensitive data, secrets, and credentials that could allow for privilege escalation and unauthorized access to user data.
We have been working closely with Intel to understand the impact of these vulnerabilities and the best courses of action to protect our platform and our users. We have received updated microcode from Intel and developed a set of kernel updates to mitigate the vulnerability, and we are rapidly rolling out these mitigations with no downtime, in most cases, to our users.
The security of our platform and our users' data is our top priority, and we're taking every measure to ensure our customers remain secure. For more information about MDS, you can read Intel's initial statement.
This bug is present in basically every Intel chip produced since 2008 so we highly recommend you consult your own computer manufacturer and see what updates are available. Both Windows and Apple have released updates for the computers running their OS however there are firmware updates for Intel processors as well that may be available to you.
By: Ryan Kekos