New Windows hack warning: Patch Intel systems now to block SWAPGSAttack exploits

If you have robust patching processes, this is a red herring. However, if you have neglected your Windows estate recently, here’s a reason to get back into the regular patch/break things/fix things/patch cycle…:

A newly uncovered vulnerability affecting every Windows computer using an Intel processor built since 2012 could allow attackers to bypass safeguards and access information held in a system’s protected kernel memory.

This new side-channel attack is built on previous research into other CPU vulnerabilities – such as Spectre and Meltdown – but this new vulnerability can bypass the protections that were implemented to protect users from attacks exploiting those flaws.

The bug has been called SWAPGSAttack because it exploits SWAPGS, an instruction for x86/x64 CPUs that switches the system to start addressing the protected memory set aside for operating system kernels.

Attackers taking advantage of SWAPGSAttack [CVE-2019-1125] could use it to secretly monitor and steal sensitive information from a targeted machine – all without leaving a trace of an attack against the hardware.

The vulnerability was discovered by researchers at Bitdefender as they researched CPU architectures. They’ve chosen to reveal what they found in a session at Black Hat USA after working with Intel, Microsoft and others to ensure an update was released to fix the bug as part of Patch Tuesday.

Other x86 processors are not thought to be affected by the vulnerability, nor are any systems running Linux-based operating systems. Nonetheless, Red Hat has also issued a warning about SWAPGSAttack.

It’s not known if the vulnerability has been exploited in the wild, but Windows computers and servers that have delayed the patch could be vulnerable to potential attacks exploiting SWAPGSAttack going forward, as could unsupported operating systems like Windows XP.


Original Article