New Intel side-channel vulnerability targets Windows machines

Microsoft has patched the vulnerability, which affects virtually all servers and laptops using modern Intel processors

A new vulnerability has surfaced that could allow hackers to access passwords, tokens, private conservations and encryption from machines using Intel processors.

The side-channel vulnerability, discovered by cyber security firm Bitdefender, affects all machines that use Intel CPUs, run Windows and leverage speculative-execution, including data centre servers and consumer laptops. A successful exploit could hand all information residing in an operating system kernel memory to an attacker. Bitdefender said early research indicates neither Linux nor x86 processors are affected.

The attack bypasses all previous patches implemented following the discovery of Spectre and Meltdown. Microsoft has released a patch to mitigate the exploit and other ecosystem partners are assessing whether they need to release similar fixes.

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Gavin Hill, VP, datacenter and network security products at Bitdefender.

Side-channel

Compared to other exploits, side-channel attacks are unique in that they are hardware and software agnostic. Side-channel attacks infiltrate machines by undermining the way operating systems and hardware communicate with each other to turn a system against itself.

The two most well-known side-channel vulnerabilities are Spectre and Meltdown, both of which surfaced in early 2018 before being patched. While side-channel attacks had been around well before the discovery of Spectre and Meltdown, these attacks were the first speculation execution-based exploits discovered.

Speculative-execution is a CPU function common to most modern CPUs that enables processors to execute instructions before knowing whether the results are required. Once undermined, a CPU possessing this function can be tricked into permitting an attacker to bypass hardware memory isolation enforcement, unlocking the door to data that would usually be shielded off from unauthorised system processes.

The newly-surfaced attack, dubbed SWAPSG, appears to be a “soft” side-channel attack, as although it is hardware agnostic, it is not software agnostic. As Bitdefender explains, SWAPSG combines Intel speculative-execution and the use of a Windows specific instruction to infiltrate machines.