Microsoft quietly patched a Spectre-style vulnerability in Intel chips that could expose...


Posts: 5,889   +48
Staff member

As with Spectre and Meltdown, the vulnerability takes advantage of speculative execution, a performance feature in which the CPU predicts which instructions will be needed next and executes them ahead of time, thereby increasing CPU throughput.

Researchers from security firm Bitdefender discovered and reported the newly disclosed side-channel attack to Intel 12 months ago. Attackers could use it to steal data from the system kernel, potentially exposing encryption keys, passwords, session tokens, private chats, and more.

Intel dismissed the initial report of the issue, saying it already knew of the vulnerability and had no plans to fix it, but Bitdefender provided a proof-of-concept attack that showed how it could be exploited, and the flaw was disclosed at the Black Hat security conference yesterday. It exploits the SWAPGS kernel-level instruction, which was introduced with Ivy Bridge processors back in 2012.

Additionally, the SWAPGS vulnerability (tracked as CVE-2019-1125) allows attackers to bypass kernel page table isolation (KPTI), the defence used to mitigate speculative-execution flaws such as Meltdown and Spectre.

"To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application," Microsoft explained, in their advisory. "The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further."

Microsoft patched the vulnerability in July’s Patch Tuesday updates. Ars Technica reports that the fix works by changing how the CPU speculatively accesses memory, and it doesn’t require a microcode update from computer manufacturers.

“We're aware of this industry-wide issue and have been working closely with affected chip manufacturers and industry partners to develop and test mitigations to protect our customers. We released security updates in July, and customers who have Windows Update enabled and applied the security updates are protected automatically,” wrote a Microsoft rep.

While Red Hat said both Intel and AMD chips were affected by the vulnerability, Bitdefender said the two AMD processors they tested did not exhibit speculative behavior for the SWAPGS instruction.
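Windows Update applies Microsoft's fix automatically; on Linux, which Red Hat's advisory covered, the kernel reports whether the SWAPGS barriers are in place through sysfs. The following check is an added example, not code from the article, Bitdefender, Microsoft or Red Hat; the sysfs path and the "Mitigation: ... swapgs barriers ..." wording are what current Linux kernels print, and the mitigated/partial classification is this example's own labelling.

```python
"""Report the Linux kernel's SWAPGS (CVE-2019-1125) mitigation state.

Linux exposes each speculative-execution mitigation under
/sys/devices/system/cpu/vulnerabilities/. The SWAPGS fix is folded into the
spectre_v1 entry, which on a patched kernel reads
"Mitigation: usercopy/swapgs barriers and __user pointer sanitization".
"""
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify_spectre_v1(status: str) -> str:
    """Map one spectre_v1 status line to a coarse verdict.

    'mitigated'   : Mitigation line that mentions the swapgs barriers
    'partial'     : Mitigation line without them (pre-SWAPGS-fix kernel)
    'vulnerable'  : kernel says it is vulnerable
    'not_affected': kernel says the CPU is not affected
    'unknown'     : empty or unrecognised text
    (The four labels are this example's own; only the raw text comes from the kernel.)
    """
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    if text.startswith("Mitigation:"):
        return "mitigated" if "swapgs" in text.lower() else "partial"
    return "unknown"


def read_spectre_v1(sysfs_dir: Path = SYSFS_DIR) -> str:
    """Return the raw spectre_v1 text, or '' when sysfs has no such entry."""
    try:
        return (sysfs_dir / "spectre_v1").read_text()
    except OSError:
        # Not Linux, or a kernel too old to publish mitigation status.
        return ""


if __name__ == "__main__":
    raw = read_spectre_v1()
    print(f"spectre_v1: {raw.strip() or '<not reported>'}")
    print(f"verdict   : {classify_spectre_v1(raw)}")
```

A verdict of "partial" on a current Intel system means the kernel predates the SWAPGS barriers and should be updated; "unknown" on a non-Linux host is expected.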

AMD gave the following statement:

AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.

Bitdefender director of threat research and reporting, Bogdan Botezatu, told Ars that the most likely scenario for exploitation would be a state-sponsored attack on a cloud service as it could affect multiple virtual machines running on the same CPU.

"Don't think of this as the next big tool to exploit ransomware or regular malware, because it doesn't go like that. A side-channel attack is time consuming and it requires hours to pluck information from the CPU. For a cyber criminal trying to get their hands on quick information, there's phishing," Botezatu explained.

"But for a state-sponsored threat actor, targeting a high profile organisation, this thing is gold. Because they have all the time in the world to make guesses and this kind of attack doesn't leave any forensic traces on computers," he added.




Posts: 1,535   +849
This is what happens when you implement back doors for government spying. Rest of the world is very generous with American companies while Huawei didn't enjoy this luxury.
The Chinese bots are awake today, I see.

No one mentioned China, Huawei, or deliberate backdoors.


Posts: 43   +30
This is what happens when you implement back doors for government spying. Rest of the world is very generous with American companies while Huawei didn't enjoy this luxury.
This is a design flaw. Once Spectre was discovered, hackers went into overtime looking for other ways to exploit speculative execution. The reason why tech companies are fighting to prevent designing back doors is that eventually they will be found and exploited; they have their hands full squishing bugs they weren't aware of.


Posts: 22   +37
The Chinese bots are awake today, I see.

No one mentioned China, Huawei, or deliberate backdoors.
If I had said Kaspersky I would have been called a Russian bot. I just pointed out a hypocrisy. This is most likely a bug. When a US company is hurt it is considered a real bleeding but for others it is called a fake tomato sauce.


Posts: 698   +237
Intel again. Seems Intel chips are one big security hole. Made of millions of smaller ones.
What's the name of the next generation Intel chips. "Stinking Lake"?


Posts: 74   +46
Here's the thing. A large percentage of these processor design flaws don't affect the average user to any great degree. Yes it's important to be aware and have fixes in place for the most part, but many require physical access to the system to implement.

Of the ones that don't, it would take a very naive user with a total lack of any security awareness to allow any exploit like this to be used against them. And with that sort of user it's pretty much a matter of time anyway. Something's going to get them eventually.

IMHO all these articles do is panic anyone who isn't fully informed. But OTOH the real security threat, the lauded IoTs, just keeps picking up steam as we wire more and more "smart" products together. That's your real security threat, but no one seems to care.