Matrix Posted August 7, 2019

In brief: It seems that Spectre and Meltdown are still haunting Microsoft. The company last month silently pushed out an update that mitigated a "serious security flaw in Intel processors" made since 2012.

As with Spectre and Meltdown, the vulnerability takes advantage of speculative execution, a function that anticipates and executes instructions before any commands are received, thereby increasing CPU performance.

Researchers from security firm Bitdefender discovered and reported the newly disclosed side-channel attack to Intel 12 months ago. Attackers could use it to steal data from the system kernel, potentially exposing encryption keys, passwords, session tokens, private chats, and more.

Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited, and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction set, which was introduced with Ivy Bridge processors back in 2012.

Additionally, the SWAPGS vulnerability (tracked as CVE-2019-1125) allows attackers to avoid kernel page table isolation, which is used to mitigate against speculative-execution flaws such as Meltdown and Spectre.

"To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application," Microsoft explained in its advisory. "The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further."

Microsoft patched the vulnerability in July's Patch Tuesday updates. Ars Technica reports that the fix works by changing how the CPU speculatively accesses memory, and it doesn't require a microcode update from computer manufacturers.

"We're aware of this industry-wide issue and have been working closely with affected chip manufacturers and industry partners to develop and test mitigations to protect our customers. We released security updates in July, and customers who have Windows Update enabled and applied the security updates are protected automatically," wrote a Microsoft rep.

While Red Hat said both Intel and AMD chips were affected by the vulnerability, Bitdefender said the two AMD processors they tested did not exhibit speculative behavior for the SWAPGS instruction. AMD gave the following statement:

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Bitdefender director of threat research and reporting, Bogdan Botezatu, told Ars that the most likely scenario for exploitation would be a state-sponsored attack on a cloud service, as it could affect multiple virtual machines running on the same CPU.

"Don't think of this as the next big tool to exploit ransomware or regular malware, because it doesn't go like that. A side-channel attack is time consuming and it requires hours to pluck information from the CPU. For a cyber criminal trying to get their hands on quick information, there's phishing," Botezatu explained. "But for a state-sponsored threat actor, targeting a high profile organisation, this thing is gold. Because they have all the time in the world to make guesses and this kind of attack doesn't leave any forensic traces on computers," he added.

VIEW: Original Article.
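The article above says where the fix lands on Windows (the July 2019 updates, no microcode needed) but not how to tell whether a given machine actually has it. On Linux the same mitigation (added to the kernel entry code as an LFENCE barrier after SWAPGS, at the same time as the CVE went public) is reported through the existing sysfs interface rather than as a separate entry: it appears inside `/sys/devices/system/cpu/vulnerabilities/spectre_v1` as "swapgs barriers", and it is switched off together with the rest of the Spectre v1 mitigation by the `nospectre_v1` boot option. The script below is an added example, not part of the article or of Bitdefender's or Microsoft's material: it parses those sysfs lines and reports whether the SWAPGS barriers and KPTI (the defence the attack bypasses) are both present. The two sample dictionaries are constructed to look like a patched and an unpatched host; the live read falls back to the constructed sample when the directory is absent, for instance on a non-Linux machine.

```python
"""Check a Linux kernel's sysfs report for the SWAPGS (CVE-2019-1125) mitigation.

Added example for the thread above, not code from the article. The kernel
reports the swapgs barriers under spectre_v1, e.g.

    Mitigation: usercopy/swapgs barriers and __user pointer sanitization

and KPTI under meltdown as "Mitigation: PTI". Both must be present for the
fix to matter, since the attack's point is bypassing KPTI.
"""
import os

VULN_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed samples of the directory contents on two hosts (not real captures).
SAMPLE_PATCHED = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW",
    "meltdown": "Mitigation: PTI",
}
SAMPLE_OLD = {
    "spectre_v1": "Mitigation: __user pointer sanitization",  # pre-fix kernel
    "spectre_v2": "Mitigation: Full generic retpoline",
    "meltdown": "Mitigation: PTI",
}


def parse_status(line):
    """Split one sysfs vulnerability line into (state, detail).

    Lines look like 'Not affected', 'Vulnerable', 'Vulnerable: <why>' or
    'Mitigation: <what>'; the part after the first colon is free text.
    """
    line = line.strip()
    if ":" in line:
        state, detail = line.split(":", 1)
        return state.strip(), detail.strip()
    return line, ""


def swapgs_mitigated(spectre_v1_line):
    """True when spectre_v1 reports the swapgs barriers.

    'Not affected' (AMD per its statement above, or non-x86) needs no barrier.
    'Vulnerable' covers kernels booted with nospectre_v1 or mitigations=off.
    """
    state, detail = parse_status(spectre_v1_line)
    if state == "Not affected":
        return True
    return state == "Mitigation" and "swapgs" in detail.lower()


def assess(entries):
    """Evaluate the two entries relevant to this CVE.

    Returns {name: {"state", "detail", "ok"}}. spectre_v1 is ok only with the
    swapgs barriers; meltdown is ok with PTI or 'Not affected'. A missing
    entry (very old kernel, or sysfs not mounted) counts as a gap.
    """
    report = {}
    for name in ("spectre_v1", "meltdown"):
        line = entries.get(name, "")
        state, detail = parse_status(line)
        if name == "spectre_v1":
            ok = swapgs_mitigated(line)
        else:
            ok = state == "Not affected" or (state == "Mitigation" and "PTI" in detail)
        report[name] = {"state": state, "detail": detail, "ok": ok}
    return report


def read_sysfs(path=VULN_DIR):
    """Read the live sysfs entries; returns {} when the directory is absent."""
    if not os.path.isdir(path):
        return {}
    entries = {}
    for name in os.listdir(path):
        with open(os.path.join(path, name)) as fh:
            entries[name] = fh.read().strip()
    return entries


if __name__ == "__main__":
    live = read_sysfs() or SAMPLE_OLD  # constructed fallback off-Linux
    for name, r in assess(live).items():
        flag = "OK " if r["ok"] else "GAP"
        print(f"{flag} {name:11s} {r['state']}: {r['detail']}")
```

Run it as root or any user (the sysfs files are world-readable). A "GAP" on spectre_v1 with PTI still showing "OK" is exactly the state the article describes: KPTI present but bypassable. On Windows the equivalent question is answered by Microsoft's SpeculationControl PowerShell module (`Get-SpeculationControlSettings`) after the July 2019 update; the exact field it reports for this CVE is not given on this page, so check the module's own output.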
steven36 Posted August 7, 2019

It's like all the side channel attacks that have been patched so far: none of them has been exploited in the wild, and it's very unlikely they're any danger to normal users. Microsoft and Apple are half patching it. If it was that serious they would push out firmware updates for all PCs like Linux has been doing. In order to be fully protected you have to do a software update and a firmware update, and Microsoft and Apple still haven't even patched everyone's firmware for ZombieLoad! So just because Intel released a fix doesn't mean you will see it. Also the fixes are as bad as the exploit; they slow down your OS like you're infected with a virus. 20 years could go by and no one would ever exploit it, and all this would be for nothing because people would be on non-affected hardware by then.

In the last few years researchers have been exploiting everything in order to get paid via bounty programs. But 9 times out of 10 anything that's a threat is a 0day. If a whitehat can make one, it's just as easy for a blackhat to make one and put it in the wild. Even some of the researchers who got paid for helping have dropped 0days in the wild later on. One of them that has done it is SandboxEscaper.

All this patch was for was to fix a bypass of Spectre and Meltdown defenses on already patched systems that had already received software and firmware updates, because it was not fully patched to begin with, or they would need to patch it again. If you're on a system where you never did firmware updates for these, you're still not fully patched. The only real cure for it is to buy new hardware, because it only stays patched till someone else figures out how to bypass it. And they're finding new ones before they can even mitigate old ones.
Archived
This topic is now archived and is closed to further replies.