Windows Quietly Patches Bug That Could Reverse Meltdown, Spectre Fixes for Intel CPUs

Written by Bijoy B

Aug 10, 2019 | TECH


Microsoft has fixed a “serious security flaw in Intel processors” that threatened to undo both companies’ work patching the Spectre and Meltdown vulnerabilities, Tom’s Guide reported on Tuesday.

Spectre and Meltdown were massive flaws, first revealed in 2018, in the way Intel processors handled speculative execution, a technique modern processors use to improve performance. Speculative execution relies on predicting which calculations a processor will need to perform, allowing it to work on those tasks ahead of time and in parallel rather than strictly sequentially. Unfortunately, it turned out that an unfixable hardware flaw in virtually every one of Intel’s CPUs meant they didn’t check permissions correctly and leaked information about speculative instructions that were never architecturally executed, potentially giving an attacker glimpses of ultra-sensitive kernel memory.

The issue hit Intel by far the hardest, but also competitors like AMD and ARM to a lesser degree. Patches have since been issued, but at around the same time researchers for security firm Bitdefender discovered a related issue that threatened to make the patches useless for Windows machines, Tom’s Guide wrote. Bitdefender researchers revealed their findings at the Black Hat security conference in Las Vegas on Tuesday, almost exactly a year to the date after finding it.

According to Tom’s Guide, the “flaw affects a system instruction in 64-bit Windows called SWAPGS, a kernel-level instruction set introduced with Intel’s Ivy Bridge processors in 2012 that can be speculatively executed in user mode.” That in and of itself violated separation of system and user functions, and by manipulating this flaw an attacker could steal data from the system kernel (potentially exposing everything from passwords and encryption keys to other protected data). Tom’s Guide wrote that the vulnerability also introduced a potential workaround to security fixes introduced in the wake of the Meltdown and Spectre mess:


Bitdefender researchers found that the vulnerability (tracked as CVE-2019-1125) affected Windows machines using modern Intel processors; Microsoft fixed it in a silent update on Tuesday. According to Ars Technica, Bitdefender researchers also tested two AMD CPUs and were unable to find a similar problem, as AMD’s implementation of the SWAPGS function didn’t appear to rely on speculative execution. Bitdefender director of threat research and reporting Bogdan Botezatu told the site that it was technically possible to run the exploit on Linux, Unix, FreeBSD, or macOS systems, but that for technical reasons that would be “unfeasible.”

“What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could… carry out a side-channel attack,” Botezatu told Ars Technica. “By doing that, we are going to leak kernel memory into the user space even if there are security measures that should prevent us from doing that.”

Botezatu also told Ars Technica that one of the most likely ways this flaw could be exploited would be a nation-state attack on a cloud service, as it could affect multiple virtual machines running on the same CPU. Such an attack would “make sense for a state-sponsored attacker that has access to resources in a multi-tenant environment,” Botezatu said, adding that an attacker using this method might require hours at a time to steal data but could potentially remain undetected for up to a year.

2 Comments

  1. Bijoy B

    Hello….

    • Bijoy B

      Its me…
