Intel warns of data center slow down following ZombieLoad fix

The patch could cause a nine-percent performance drop to affected data centers.
15 May 2019

Researchers created a logo for the ZombieLoad discovery. Source: zombieloadattack.com / Natascha Eibl

Intel has warned that data centers using certain processor chips could face a performance slow down following a patch to a security flaw dubbed ZombieLoad.

The vulnerability is the most notable of 79 fixed during Microsoft’s Patch Tuesday. The processor logic flaw affects operating systems running x86 chips and allows computer programs to ‘steal’ data from one another.  

ZombieLoad shares similarities with last year’s Spectre, Meltdown and Foreshadow bugs. If the vulnerability were exploited, it could allow attackers to spy on any Intel Core or Xeon-branded central processing unit (CPU) released since 2011.

Vulnerabilities also extend to the cloud; supposedly isolated virtual machines (VMs) could read data from another— posing significant rusk to environments where multiple customers’ VMs are on the same server. AWS, Azure and Google Cloud are some of the major cloud computing platforms that use the technology in question.

As explained by TechCrunch’s Zack Whittaker, ZombieLoad allows hackers to “exploit design flaws, rather than inject malicious code”.

Reporting the bugs to Intel a month ago, researchers found that flaws could be exploited to view which websites a person is browsing, but had the capability to grab passwords and access tokens.

While attacks of this kind are “a very complex undertaking” says Intel, the computing firm has issued microcode patches for vulnerable processors and the flaw will be mitigated in future chip production.

However, it has cautioned that the patch— as with those previously— could have a varying impact on processor performance.

Intel expects that consumer devices could see a 3 percent performance decline, while data centers could see as much as a 9 percent impact.

However, consumers have so far reported “up to 40% performance loss”, while Apple has also claimed a much more significant loss to performance in tests.

Intel stated that the impact of the patch would largely be unnoticeable, but said the biggest performance hit could be felt by data centers handling tasks that use Java.