More Security Vulnerabilities on Intel CPUs, Microsoft Only Just Released a Fix

- Advertisement -

A serious vulnerability present in Intel processors since 2012 has only now been patched by a recent Windows update. Speculative execution, a performance function available on Ivy Bridge and later processors, has a critical vulnerability that allows attackers to open up a side channel. This could be used to leak passwords, encryption keys, and other critical data.

Bitdefender, a security research firm, wrote a paper demonstrating the side-channel vulnerability. They mention that it’s similar in form to Meltdown and Spectre. So what does speculative execution do, exactly? It’s a capability that allows these Intel processors to execute instructions before they know whether or not the results of are needed. A sidechannel attack can let threat actors bypass basic memory isolation. This way, they can get access to privileged data without having privileged access.

In this case, the sidechannel exploit is possible because of a specific chip instruction called SWAPGS. Speaking to Ars Technica, Bitdefender’s Bogdan Botezatu had this to say

- Advertisement -

“What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could… carry out a side-channel attack.”

There is a silver lining here. While the vulnerability exists on all Intel processors Ivy Bridge on up, Bitdefender researchers said it was not feasible for the exploit to be used under Linux, MacOS, Unix, or FreeBSD. For the time being, this looks to be a Windows-only vulnerability. Microsoft’s patch changes the way in which a processor speculatively accesses memory, which fixes the exploit without the need for a chip microcode update.

While the vulnerability’s been patched, it’s alarming that it lay undiscovered for seven years straight. This just goes to underline the fact that no system is ever 100 percent secure.

- Advertisement -

- Advertisement -

Leave A Reply

Please enter your comment!
Please enter your name here

Related posts

Latest posts

Entire Intel 12th Gen Alder Lake Mobile CPU Lineup Leaked – Alder Lake M, P And S Range Specs Explained

The entire range of mobile CPUs in Intel's 12th gen Alder Lake lineup has been leaked, and we explain how 12th gen Intel CPUs will compare with the existing Core i3, i5, i7 and i9 tiers.

Apple Discontinuing iMac Pro, Making Way For 2021 Redesign?

Apple appears to have discontinued the iMac Pro as the company has now declared that one can buy the device only till "supplies last." The...

‘Digital Twin of Earth’ to Help Scientists Predict Climate Change

A group of scientists are looking to combine the Earth sciences and the computer sciences to create a 'digital twin of Earth'. Read on to find out more.

Next Article Loading