Microsoft has fixed a “serious security flaw in Intel processors” that threatened to undo both companies’ work patching the Spectre and Meltdown vulnerabilities, Tom’s Guide reported on Tuesday.
Spectre and Meltdown were massive flaws in the way Intel processors handled speculative execution, a technique used in modern processors to enhance performance, first revealed in 2018. Speculative execution relies on predicting which calculations a processor will need to perform, allowing it to work on tasks ahead of time and in parallel rather than strictly sequentially. Unfortunately, it turned out that an unfixable hardware flaw in virtually every one of Intel’s CPUs meant they didn’t check permissions correctly and leaked information about speculative operations that were never actually committed, possibly allowing an attacker glimpses of ultra-sensitive kernel memory.
The issue hit Intel by far the hardest, but it also affected competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers at security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the day after finding it.
According to Tom’s Guide, the “flaw affects a system instruction in 64-bit Windows called SWAPGS, a kernel-level instruction set introduced with Intel’s Ivy Bridge processors in 2012 that can be speculatively executed in user mode.” That in and of itself violated separation of system and user functions, and by manipulating this flaw an attacker could steal data from the system kernel (potentially exposing everything from passwords and encryption keys to other protected data). Tom’s Guide wrote that the vulnerability also introduced a potential workaround to security fixes introduced in the wake of the Meltdown and Spectre mess: