Microsoft Issues Update For New Zero Day Attack, Includes XP


WinXP ZombieLoad


  The new ZombieLoad Zero day vulnerability announced by Intel, Microsoft, and others has resulted in many patches being released by many computing industry giants. In the case of Microsoft this ZombieLoad vulnerability is impactful enough to warrant updating Windows XP in May 2019 five years after it's support retirement, as well as other of their affected Operating Systems. This ZombieLoad vulnerability has major potential to become a very devastating set of attacks on a high number of computers which does justify Microsoft's decision to execute updating Windows XP in May 2019 and there is quite a bit of supporting research and discovery to back that up. This is very much like the previously encountered Meltdown and Spectre vulnerabilities in that it can allow attackers to gather sensitive information through side-channel speculative execution and other vulnerabilities within the compromised computer's CPU architecture.



Windows XP Sees Update From Microsoft More Than Five Years After Support Ended


  Windows XP may not be the most prevalent OS out there but it is still in use and Microsoft recognizes that. Given the magnitude of the new vulnerabilities known as Fallout, RIDL (Rogue In-Flight Data Load), and ZombieLoad, which according to Wikipedia are Microarchitectural Data Sampling (MDS) vulnerabilities, necessary patches were mandated and implemented. These are all data "leaks" which can occur between architectural layers within a processor and can result in attacks where hackers can acquire any information leaked therein. Although Intel reports having detected these in 2018 it wasn't until other researchers discovered them and approached Intel that a global announcement was made on May 14th, 2019. The Intel processors affected could be as old as CPUs produced in 2011 or even 2008 (according to many varying reports) which would include many computers running Windows XP when it was still supported by Microsoft. Although Microsoft indicates that Windows 8 (.1) and Windows 10 are not affected Linux updated it's kernel, and Apple, Google, and even Amazon have released patches for their products. These vulnerabilities and the potential attacks could mean very bad news for consumers so all available patching should be done immediately! Please see the links below for more pertinent information.


Information on Multiple Associated Vulnerabilities from Wikipedia


ZombieLoad Specific Website