08/27/2019 - CASwell Inc., a leading manufacturer of innovative and high-performance server solutions for SD-WAN (uCPE/vCPE) and network security systems, announced today that most of its network devices and servers have received updates for their firmware or BIOS making them secure against any malicious attacks based on MDS vulnerabilities. With these updates customers and users can breathe a sigh of relief as they are now safe with the theoretical threats of ZombieLoad, RIDL and Fallout not to be worried about anymore.
In May of this year Intel and independant researchers reported about a new group of vulnerabilities inside Intel processors called "Microarchitectural Data Sampling" (MDS). All four of these techniques use side-channel attacks to be able to access data of other processes that they are not supposed to see, making it especially critical in data centers and cloud services running virtual machines. These exploitations - called ZombieLoad, RIDL (Rogue In-Flight Data Load), Store-to-Leak Forwarding and Fallout - are very complex to implement real-world, can't target specific data to gather and not known to be practically used be any attacker so far. Nevertheless, Intel provided timely processor microcode updates (MCU) and now CASwell has implemented these MCUs into the largest part of its product stack.
According to Intel, the MCUs mitigating MDS have minimal performance impact on PC systems but can vary under data center workloads depending on software and resource utilization.
CASwell has provided new BIOS and firmware versions including the MCUs by Intel for systems based on the current CAR-6010, CAR-5050, CAR-4040, CAR-3080, CAR-2080 and other rackmounts, the CAD-0260 desktop series, the CAF-0250 fanless series and even older models like the CAR-1030 or the CAD-0235. Other isolated CASwell products are currently being validated and will get their respective updates as soon as possible.
For more information regarding specific models or any other questions please contact your local CASwell representative or sales.
Find out more about "Side Channel Vulnerability MDS" at intel.com.
Amsterdam University reports about RIDL and Fallout at mdsattacks.com.