With Spectre and Meltdown not too far back in the rear view mirror, Intel just released a patch through Business Partners (Microsoft, Apple, etc) for a set of vulnerabilities known collectively as Microarchitectural Data Sampling. CVE’s are: CVE-2019-11091, CVE-2018-12126, CVE-2018-12127, and CVE-2018-12130.
Untrusted code (ie, that frequently existes in a VM or hosted environments) can take advantage of this vulnerability to gain access to other portions of the execution thread.
Exploits have not been reported. Safest course of action is to be sure all systems are fully patched as soon as possible (same drill!)
Keywords: CyberSecurityRecap, intel, spectre, meltdown, Microarchitectural Data Sampling, MDC
Troy Frericks.
blog 16-May-2019
troyf<at>CyberSecurityRecap.com