All modern Intel processors hit by flaw that could allow access to OS kernel memory

News by Rene Millman

Security researchers have discovered a new security vulnerability that affects all modern Intel CPUs. The side-channel attack bypasses all known Spectre and Meltdown mitigations.

According to a report published by Bitdefender, a flaw has been found that affects all modern Intel CPUs which leverage speculative-execution, potentially letting hackers access passwords, tokens, private conversations, encryption and other sensitive data of both home and enterprise users.
The company said that every machine using newer Intel processors which leverage speculative-execution and running Windows is affected, including servers and laptops. 
The vulnerability, discovered less than three months after the last worldwide security alert regarding Intel processors, opens the way to a side-channel attack that gives the attacker a method to access all information in the operating system kernel memory. 
 
The attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018.
Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy," said Gavin Hill, vice president, datacenter and network security products at Bitdefender. "Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in-general."
This side-channel attack takes advantage of speculative execution, a functionality that seeks to speed-up the CPU by having it make educated guesses as to which instructions might come next. Speculative execution can leave traces in-cache which attackers leverage to leak privileged, kernel memory.
This attack combines Intel speculative execution of instructions and the use of a specific instruction by Windows operating systems within what is known as a gadget.
Bitdefender said it has been working with Intel for more than a year on public disclosure of this attack. It is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information, the firm said.
Researchers added that Microsoft, and the other ecosystem partners have - or continue to assess – issuing patches, as appropriate. 
This latest revelation comes after Bitdefender discovered, in mid-May, a security vulnerability called "micro-architectural data sampling" in Intel processors that could allow an attacker to access privileged kernel-mode information considered beyond the reach of most applications.
Paul Ducklin, senior technologist at Sophos, told SC Media UK that numerous CPU 'data bleeding' flaws have been found recently, and some of them remain theoretical risks - essentially baked into the design and implementation of the chip itself - even after both the operating system and the CPU vendor have released mitigations. 
"Nevertheless, the patches we've seen in these cases typically make the theoretical attacks much, much harder to achieve in practice, to the point that it's still safe to keep using your existing laptops and servers. So you can guess what I am going to say next - patch early, patch often! It may sound like a cliché, but why let the crooks pull ahead if you don't have to?" he said.
Corey Nachreiner, CTO at WatchGuard, told SC media UK that organisations can protect themselves by doing two things.
"First, protect your computers using normal network and endpoint security controls. Most, but not all of these speculative-execution class of attacks are local attacks, including this latest one. This means an attacker must already have access to your computer or must trick you to run malware before any of these attacks work. If an attacker already has malware on your computer, you are already in trouble, regardless of these local vulnerabilities," he said.
"Simply protecting your computer from normal malware and attacks does a lot to prevent these attacks. Second, you need to apply all the Intel and OS vendor patches whenever they become available. These patches may not perfectly fix new issues researchers might discover, but they do mitigate the known issues. That said, do know that some of the fixes come with performance degradation."

Bill Conner, CEO of SonicWall, adds, "While SonicWall researchers have yet to observe any real weaponised side-channel exploits in the wild, these types of potential pervasive attacks are growing in number and regularity, as seen with Meltdown, Spectre, Foreshadow, PortSmash, and Spoiler. " He suggests that this type of new attack requires a new approach such as Real Time Deep Memory Inspection technology.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews