A serious vulnerability present in Intel processors since 2012 has only now been patched by a recent Windows update. Speculative execution, a performance function available on Ivy Bridge and later processors, has a critical vulnerability that allows attackers to open up a side channel. This could be used to leak passwords, encryption keys, and other critical data.

Bitdefender, a security research firm, wrote a paper demonstrating the side-channel vulnerability. They note that it is similar in form to Meltdown and Spectre. So what does speculative execution do, exactly? It is a capability that lets these Intel processors execute instructions before they know whether or not the results are needed. A side-channel attack can let threat actors bypass basic memory isolation. This way, they can get access to privileged data without having privileged access.

In this case, the side-channel exploit is possible because of a specific chip instruction called SWAPGS. Speaking to Ars Technica, Bitdefender’s Bogdan Botezatu had this to say:

“What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could… carry out a side-channel attack.”

There is a silver lining here. While the vulnerability exists on all Intel processors from Ivy Bridge on up, Bitdefender researchers said it was not feasible for the exploit to be used under Linux, macOS, Unix, or FreeBSD. For the time being, this looks to be a Windows-only vulnerability. Microsoft’s patch changes the way in which a processor speculatively accesses memory, which blocks the exploit without the need for a chip microcode update.

While the vulnerability has been patched, it is alarming that it lay undiscovered for seven years straight. This just goes to underline the fact that no system is ever 100 percent secure.