Microsoft warns of a vulnerability exploitable for SWAPGS attacks


A vulnerability affecting Windows computers running on 64-bit Intel and AMD processors could be exploited, letting attackers access information such as passwords, private conversations, and any other information stored in the operating system's kernel memory.

Microsoft advises users to update Windows in order to protect against this new CPU “SWAPGS attack” risk.

What is this SWAPGS attack? 

According to Bogdan Botezatu, director of threat research and reporting at Bitdefender: “We call this the SWAPGS attack because the vulnerability leverages the SWAPGS instruction – an under-documented instruction that makes the switch between user-owned memory and kernel memory.”

Botezatu also says that at this point, “all Intel CPUs manufactured between 2012 and today are vulnerable to the SWAPGS attack,” which means that every Intel chip inside a machine running Windows is vulnerable and could easily be exploited by those who know how.

However, it is not just Intel CPUs that are affected by the SWAPGS attack vulnerability. A Red Hat advisory published on August 6th states that the threat also applies to x86-64 systems using either Intel or AMD processors, something that AMD itself has discussed.

“AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1,” a spokesperson said. 

The Red Hat advisory also states that, based on industry feedback, the company is not aware of any known way to exploit this vulnerability on Linux kernel-based systems, but it nonetheless stressed the gravity of the possibility.

Botezatu noted during the briefing that Linux machines are also impacted, but due to the operating system architecture, they are “less prone to this type of attack, as it is less reliable.” Botezatu stated that other OS (operating system) vendors are not affected at this point, but they are still investigating similar attack avenues leveraging the SWAPGS attack.

Microsoft released updates to mitigate the SWAPGS attack vulnerability.

Bitdefender researchers have been working with Intel for more than a year to address the risk of attack through this “side-channel.” The company said the attack “bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018.”

Nonetheless, it waited until now to disclose the information, as Microsoft has issued a fix for the vulnerability as part of the Patch Tuesday updates released on July 9th.

Despite the efforts made by everyone concerned with this issue, Bitdefender admitted that “it is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information.”

A Microsoft spokesperson noted that the company is already aware of the “industry-wide issue” and is working closely with different stakeholders to develop an effective patch for the vulnerability.

“We released security updates in July, and customers who have Windows Update enabled and applied the security updates are protected automatically,” Microsoft said.

When Microsoft became aware of the situation, it moved quickly to address the issue and release an update as soon as possible to protect its users.

Microsoft works closely with both researchers and industry partners to make customers feel more secure in using its products.

Gavin Hill, vice-president for data center and network security products at Bitdefender, warned that “criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage, and spy.”

To address the issue, Microsoft promptly released a patch and has advised users to update right away.

Red Hat also strongly recommends that users update immediately in order to prevent malicious actors from exploiting the already known vulnerability.

“Customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.”
