The Inquirer

Microsoft quietly patches fresh speculative execution flaw affecting Intel processors

SWAPGS-ing thing up

Yet another speculative execution vulnerability has been found, but luckily patches are ready
  • Roland Moore-Colyer
  • @RolandM_C
  • 07 August 2019

MICROSOFT HAS QUIETLY PATCHED a serious side-channel flaw that abuses speculative execution functions in processors, akin to the Spectre and Meltdown flaws.

Cybersecurity firm Bitdefender found and flagged the vulnerability, tagged as CVE-2019-1125, to Microsoft some 12 months ago, and noted the flaw allowed for what it called a SWAPGS Attack, so-called as it exploits the use of the SWAPGS instruction that handles the interaction of speculative execution in Intel chips and its interaction with Windows.

The vulnerability affects all Intel CPUs from the Ivy Lake generation onwards, though Bitdefender noted that other chips could also be affected.

While there have been numerous patches pushed out to plug the security holes presented by Meltdown and variants of the Spectre flaws, this flaw bypasses the mitigations, thereby making it a pretty severe one.

"What we have found is a way to exploit the SWAPGS instruction which switches from userland to kernel mode in such a way that we could... carry out a side-channel attack," Bogdan Botezatu, Bitdefender's director of threat research and reporting, told Ars Technica. "By doing that, we are going to leak kernel memory into the user space even if there are security measures that should prevent us from doing that."

Bitdefender explained there are two stages to the SWAPGS Attack, the first being when SWAPGS isn't used in the speculative execution process when it should be, and the second being when it's used in speculative execution when it shouldn't be.

If exploited, the SWAPGS Attack could end up prodding a processor to leak sensitive information from a system's kernel memory, such as passwords and encryption keys.

That being said, an attacker would still need to have the ability to log in and access an affected machine, as Microsoft noted: "The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information that could be used to try to compromise the affected system further."

It's also worth noting that while the vulnerability technically exists on other operating systems using the affected Intel processors, Bitdefender pointed out that they aren't open to any real exploitation.

The SWAPGS Attack could be exploited within cloud services, where there could be a host of sensitive data that major hacking groups or state-sponsored hackers could go after, as the vulnerability allows for a virtual machine to effectively pilfer sensitive data from another.

However, virtual machine and cloud wrangler Red Hat noted that it's aware of the flaw and doesn't see a way it can be exploited on Linux-based systems, though it has pushed out patches to fix things just in case.

"Red Hat has been made aware of an additional spectre-V1 like attack vector, requiring updates to the Linux kernel in combination with microcode updates," the company said. "This additional attack vector builds on existing software fixes shipped in previous kernel and microcode updates. This vulnerability only applies to x86-64 systems using either Intel or AMD processors."
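For the Linux side that Red Hat describes, a check a defender can run after updating (an added example, not taken from the article, Bitdefender or Red Hat): the kernel reports its Spectre v1 status in sysfs, and kernels that carry the SWAPGS fix mention swapgs barriers in that line. The function names and the sample status lines below are constructed for illustration, and the exact wording on vendor-backported kernels is assumed to follow the upstream strings.

```shell
#!/bin/sh
# Added example: classify the Linux kernel's Spectre v1 status line with
# respect to the SWAPGS barriers (CVE-2019-1125).

SPECTRE_V1_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_spectre_v1 "<status line>" prints one of:
#   mitigated           - fix present and swapgs barriers active
#   no-swapgs-barriers  - kernel reports itself vulnerable
#   pre-fix-kernel      - "Mitigation:" line that never mentions swapgs,
#                         i.e. the kernel predates the SWAPGS fix
#   not-affected        - CPU not affected by Spectre v1 at all
#   unknown             - empty or unrecognised line
classify_spectre_v1() {
    case "$1" in
        "Not affected"*)         echo not-affected ;;
        *"no swapgs barriers"*)  echo no-swapgs-barriers ;;
        Mitigation:*swapgs*)     echo mitigated ;;
        Mitigation:*)            echo pre-fix-kernel ;;
        Vulnerable*)             echo no-swapgs-barriers ;;
        *)                       echo unknown ;;
    esac
}

# Report the status of the machine this runs on, if sysfs exposes it.
check_host() {
    if [ -r "$SPECTRE_V1_FILE" ]; then
        line=$(cat "$SPECTRE_V1_FILE")
        echo "host: $(classify_spectre_v1 "$line") ($line)"
    else
        echo "host: no $SPECTRE_V1_FILE (non-Linux or very old kernel)"
    fi
}

# Constructed sample lines, so the script shows something on any machine.
while IFS= read -r sample; do
    echo "sample: $(classify_spectre_v1 "$sample") <- $sample"
done <<'EOF'
Mitigation: usercopy/swapgs barriers and __user pointer sanitization
Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers
Mitigation: __user pointer sanitization
EOF

check_host
```

A result of `pre-fix-kernel` or `no-swapgs-barriers` on an Intel x86-64 host means the kernel update has not been applied or its barriers have been switched off.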

However, when it comes to Team Red's CPUs, AMD circulated a statement acknowledging the research but claimed its chips are not vulnerable to the SWAPGS Attack: "Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS."

Intel threw around a statement noting it's worked with industry partners to plug the flaw and that Microsoft was best positioned to fix things: "Intel, along with industry partners, determined the issue was better addressed at the software level and connected the researchers to Microsoft. It takes the ecosystem working together to collectively keep products and data more secure, and this issue is being coordinated by Microsoft."

So all in all, the new processor flaw doesn't seem to be that much of a big deal, providing people ensure their systems are up to date and keep dodgy folks away from their computers and server farms. But it does yet again indicate how problematic speculative execution flaws are in terms of completely protecting against them. µ

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013
