Experts say exploits would be sophisticated and take a long time to build, but operators should act now.
A new Intel vulnerability was disclosed yesterday that lets attackers steal data as processes run on most machines using Intel chips. The flaw affects nearly every Intel processor released in the past decade and is especially dangerous in multi-user environments like virtualized servers in data centers.
Intel calls it Microarchitectural Data Sampling, but the flaw is more commonly referred to as ZombieLoad, and variants discovered by researchers include Fallout and RIDL.
According to Intel spokesperson Leigh Rosenwald, the problem is already addressed at the hardware level in many recent eighth-generation and ninth-generation Intel Core processors, as well as the second-generation Intel Xeon scalable processor family.
"For other affected products, mitigation is available through microcode updates, coupled with corresponding updates to operating system and hypervisor software," she said.