More Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a Fix

A serious vulnerability present in Intel processors since 2012 has only now been patched by a recent Windows update. Speculative execution, a performance function available on Ivy Bridge and later processors, has a critical vulnerability that allows attackers to open up a side channel. This could be used to leak passwords, encryption keys, and other critical data.

Bitdefender, a security research firm, wrote a paper demonstrating the side-channel vulnerability. They mention that it’s similar in form to Meltdown and Spectre. So what does speculative execution do, exactly? It’s a capability that allows these Intel processors to execute instructions before they know whether or not the results of are needed. A sidechannel attack can let threat actors bypass basic memory isolation. This way, they can get access to privileged data without having privileged access.

In this case, the sidechannel exploit is possible because of a specific chip instruction called SWAPGS. Speaking to Ars Technica, Bitdefender’s Bogdan Botezatu had this to say

“What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could… carry out a side-channel attack.”

There is a silver lining here. While the vulnerability exists on all Intel processors Ivy Bridge on up, Bitdefender researchers said it was not feasible for the exploit to be used under Linux, MacOS, Unix, or FreeBSD. For the time being, this looks to be a Windows-only vulnerability. Microsoft’s patch changes the way in which a processor speculatively accesses memory, which fixes the exploit without the need for a chip microcode update.

While the vulnerability’s been patched, it’s alarming that it lay undiscovered for seven years straight. This just goes to underline the fact that no system is ever 100 percent secure.

Leave a Reply

Latest posts

Nothing Phone (1) Launch on 6/9 at 4:20? Founder’s Tweet Raises Speculations

The much awaited Nothing Phone is about to launch next month. It is going to be the company's first smartphone ever. Nothing company has stated that their new phone will run on Android based Nothing OS.

Donald Trump is no longer coming back to Twitter even if Musk removes his ban

Donald Trump was banned from Twitter last year after he incited violence at the US Capitol Hill.

WhatsApp Status section to become more useful as per a new leak

According to a new leak, WhatsApp is planning to make its status section more useful by adding previews to links that users upload on...

Loading Next Article