Wed. Jul 15th, 2020

How to disable Intel TSX to prevent Zombieload v2 attacks

1 min read

To prevent the Zombieload v2 attack that was just exposed, Microsoft Windows and Linux kernel teams have introduced methods to turn off Intel Transactional Synchronization Extensions (TSX). The Zombieload vulnerability is related to TSX, which is similar to the previously disclosed Meltdown, Spectre, and Foreshadow, Fallout, and Zombieload v1 vulnerabilities, which use predictive execution to implement data leaks across threads and hyperthreading.

The Zombieload V2 vulnerability disclosed this week can affect recently released Intel processors. Intel released a microcode update to fix the latest vulnerability, but the patch will have a serious impact on performance. To avoid affecting performance, many organizations may choose not to update microcode, or prefer to disable vulnerability-related technologies. The Microsoft and Linux kernel teams have released methods to shut down TSX.

On Windows, you can disable Intel TSX via  registry setting:

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel” /v DisableTsx /t REG_DWORD /d 1 /f

When they need TSX again, they can re-enable it via the following:

reg add “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel” /v DisableTsx /t REG_DWORD /d 0 /f

On Linux, you can follow this guide.

Via: ZDNet