Cyber security firm Bitdefender has disclosed a new vulnerability affecting modern Intel CPUs running Windows that utilise speculative execution.
The attack abuses speculative execution through a side channel. Speculative execution is a performance technique in which modern Intel CPUs guess which instructions are likely to be needed next and run them ahead of time in order to increase operational speed.
Speculatively executed instructions can leave traces in the CPU cache. When combined with a specific instruction used by the Windows kernel, referred to as SWAPGS, inside a suitable gadget, those traces can be used to leak privileged kernel memory.
As a result, attackers can exploit this SWAPGS attack to access confidential data like passwords, tokens, conversations and encryption from both enterprise and home users, according to Gavin Hill, vice president for data centre and network security products at Bitdefender.
“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” said Hill.
“Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in general.”
This new vulnerability has been described by Bitdefender as being able to bypass preventative methods used to protect CPUs from 2018’s Spectre and Meltdown.
In order to protect Intel computers, Bitdefender has been working with Intel on the vulnerability for over a year, while Microsoft and other ecosystem partners have been distributing patches or planning to issue them. It is not something that can be fixed with antivirus software alone, according to Bogdan Botezatu, senior e-threat analyst at Bitdefender.
“[It’s] also important to note, this vulnerability exploit is designed to exfiltrate data without leaving any traces and takes considerable effort. That's why the usual target is generally a prominent data centre or a large enterprise infrastructure,” Botezatu said.
“These side-channel attacks are extremely sophisticated and can do significant damage; they are not a common strand of malware that someone can simply prevent with antivirus software.”
Due to the SWAPGS attack’s sophistication, it can be difficult for users to identify what has been lost, Botezatu added.
“Exploiting this vulnerability leaves no traces and any internal audit will likely never reveal anything wrong or any data that has been copied by the attacker. The reality is that if the vulnerability has been exploited and a memory kernel has been exfiltrated you cannot guess or assess what exactly you lost,” Botezatu said.
“To stop future attempts you need to patch the vulnerability with Microsoft updates.”
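Because the article's only remediation advice is to apply the Microsoft kernel update, the practical check an administrator wants is a script that confirms the update is present on each Intel-based Windows host. The following PowerShell audit script is an added example, not code from the article, Bitdefender, Intel or Microsoft. It assumes a placeholder KB identifier (`$RequiredKB`), which must be replaced with the update number Microsoft lists for the specific Windows release in question, and it uses Microsoft's publicly available `SpeculationControl` module only as supplementary context on the host's speculative-execution mitigation status.

```powershell
# Added example (not from the article or any vendor): audit whether a Windows
# host has the Microsoft kernel update that addresses the SWAPGS issue.
# $RequiredKB is a PLACEHOLDER; take the real KB number from Microsoft's
# advisory for the OS build you are auditing.
param(
    [string]$RequiredKB = 'KB<placeholder-from-Microsoft-advisory>'
)

function Test-IsIntelHost {
    # The disclosed issue affects Intel CPUs; scope the check accordingly.
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    return ($cpu.Manufacturer -eq 'GenuineIntel')
}

function Test-SwapgsUpdateInstalled {
    param([string]$KB)
    # Get-HotFix lists installed updates by their HotFixID (e.g. 'KB1234567').
    $hit = Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $_.HotFixID -eq $KB }
    return [bool]$hit
}

function Get-HostSpeculationStatus {
    # Microsoft's SpeculationControl module (PowerShell Gallery) reports the
    # OS-level mitigations for related speculative-execution issues. It does
    # not by itself prove the SWAPGS update is installed; use it alongside
    # the KB check above.
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        Install-Module -Name SpeculationControl -Scope CurrentUser -Force
    }
    Import-Module SpeculationControl
    return Get-SpeculationControlSettings
}

function Invoke-SwapgsAudit {
    param([string]$KB)
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $result = [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        OSBuild          = $os.BuildNumber
        IntelCpu         = Test-IsIntelHost
        RequiredKB       = $KB
        UpdateInstalled  = Test-SwapgsUpdateInstalled -KB $KB
    }
    # Flag only Intel hosts that lack the required update.
    $result | Add-Member -NotePropertyName NeedsAction `
        -NotePropertyValue ($result.IntelCpu -and -not $result.UpdateInstalled)
    return $result
}

# Run the audit and print a one-line verdict for this host.
$audit = Invoke-SwapgsAudit -KB $RequiredKB
$audit | Format-List
if ($audit.NeedsAction) {
    Write-Warning "Intel host $($audit.ComputerName) is missing $RequiredKB; apply the Microsoft update."
}
# Supplementary: show the host's wider speculative-execution mitigation state.
Get-HostSpeculationStatus | Out-Null
```

Run the script in an elevated PowerShell session after substituting the real KB number; `Get-HotFix` reads the same update inventory that Windows Update uses, so a `NeedsAction` of `True` on an Intel host is the condition the article's advice is meant to close. Because the article notes that exploitation leaves no audit trail, presence of the update is the only host-level evidence worth collecting, which is why the script reports installation status rather than trying to detect an attack.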