Bitdefender, the innovative cybersecurity solutions provider protecting 500 million machines worldwide, has discovered a new security vulnerability that affects all modern Intel CPUs that leverage speculative execution, potentially letting hackers access passwords, tokens, private conversations, encryption and other sensitive data of both home and enterprise users.
Every machine that uses a newer Intel processor leveraging speculative execution and runs Windows is affected, including servers and laptops.
The vulnerability, discovered less than three months after the last worldwide security alert regarding Intel processors, opens the way to a side-channel attack that gives the attacker a method to access all information in the operating system kernel memory.
The attack bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018. Bitdefender Hypervisor Introspection mitigates this new attack on unpatched Windows systems.
“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage, and spy,” said Gavin Hill, Vice President, Datacenter and Network Security Products at Bitdefender. “Research into these attacks is on the cutting edge as it gets to the very roots of how modern CPUs operate and requires a thorough understanding of CPU internals, OS internals, and speculative-execution side-channel attacks in general.”
This side-channel attack takes advantage of speculative execution, a functionality that seeks to speed up the CPU by having it make educated guesses as to which instructions might come next. Speculative execution can leave traces in the cache, which attackers leverage to leak privileged kernel memory.
The attack combines Intel's speculative execution of instructions with the use of a specific instruction by Windows operating systems within what is known as a gadget.
Bitdefender has worked with Intel for more than a year on public disclosure of this attack. It is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information.