More Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a Fix

- Advertisement -

A serious vulnerability present in Intel processors since 2012 has only now been patched by a recent Windows update. Speculative execution, a performance function available on Ivy Bridge and later processors, has a critical vulnerability that allows attackers to open up a side channel. This could be used to leak passwords, encryption keys, and other critical data.

More Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a Fix

Bitdefender, a security research firm, wrote a paper demonstrating the side-channel vulnerability. They mention that it’s similar in form to Meltdown and Spectre. So what does speculative execution do, exactly? It’s a capability that allows these Intel processors to execute instructions before they know whether or not the results of are needed. A sidechannel attack can let threat actors bypass basic memory isolation. This way, they can get access to privileged data without having privileged access.

In this case, the sidechannel exploit is possible because of a specific chip instruction called SWAPGS. Speaking to Ars Technica, Bitdefender’s Bogdan Botezatu had this to say

- Advertisement -

“What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could… carry out a side-channel attack.”

There is a silver lining here. While the vulnerability exists on all Intel processors Ivy Bridge on up, Bitdefender researchers said it was not feasible for the exploit to be used under Linux, MacOS, Unix, or FreeBSD. For the time being, this looks to be a Windows-only vulnerability. Microsoft’s patch changes the way in which a processor speculatively accesses memory, which fixes the exploit without the need for a chip microcode update.

While the vulnerability’s been patched, it’s alarming that it lay undiscovered for seven years straight. This just goes to underline the fact that no system is ever 100 percent secure.

- Advertisement -

- Advertisement -

Leave a Reply

Related posts

AdvertismentMore Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a FixMore Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a Fix

Latest posts

Fortnite Fiasco: Everything in Between Apple, Google, and Epic Games

A lot has happened in the past few hours. From a new payment system for Fortnite to the removal of the game from App Stores, here's everything you need to know about Epic Games' new lawsuit against Apple.

Netflix’s Project Power Review: Entertaining but Needs More Imagination

Project Power is a highly entertaining movie, even though it doesn't delve deep enough into the interesting concept that it has created.

Online Therapy: When We Talk About Our Feelings, They Become Less Overwhelming

Online therapy has come as a blessing to many people in this time of lockdown. With technological advancements, it is now possible to seek help from the comforts of our home.

Next Article Loading