
Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now

A security vulnerability that affects Windows computers running on 64-bit Intel and AMD processors could give an attacker access to your passwords, private conversations, and any other information within the operating system kernel memory. Users are advised to update Windows in order to mitigate against this new CPU “SWAPGS attack” risk.

What is the SWAPGS attack?

“We call this the SWAPGS attack because the vulnerability leverages the SWAPGS instruction,” Bogdan Botezatu, director of threat research and reporting at Bitdefender, says, “an under-documented instruction that makes the switch between user-owned memory and kernel memory.” Botezatu also says that, at this point, “all Intel CPUs manufactured between 2012 and today are vulnerable to the SWAPGS attack.” That means every Intel chip going back to the “Ivy Bridge” processor is vulnerable if it is inside a machine running Windows.

However, it appears it is not just Intel CPUs that are affected by the SWAPGS attack vulnerability. According to a Red Hat advisory published August 6th, the threat “applies to x86-64 systems using either Intel or AMD processors.” Something that AMD itself disputes.

An AMD spokesperson pointed me in the direction of a public statement online: “AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.”

That same Red Hat advisory stated that “based on industry feedback, we are not aware of any known way to exploit this vulnerability on Linux kernel-based systems.” During my briefing with Botezatu, he noted that “Linux machines are also impacted,” however, due to the operating system architecture they are “less prone to this type of attack, as it is less reliable.” Botezatu says that other operating system vendors are not impacted at this point, “but are still investigating similar attack avenues leveraging the SWAPGS attack.”

As already mentioned, Bitdefender researchers have been working with Intel for more than a year to address the risk from this new “side-channel” attack that, the company said, “bypasses all known mitigations implemented after the discovery of Spectre and Meltdown in early 2018.”

However, it has waited until now to disclose the information as Microsoft has issued a fix to address the vulnerability as part of the July 9 “Patch Tuesday” updates. Even so, despite the best efforts of everyone concerned, Bitdefender admitted that “it is possible that an attacker with knowledge of the vulnerability could have exploited it to steal confidential information.”

A Microsoft spokesperson provided me with the following statement: “We’re aware of this industry-wide issue and have been working closely with affected chip manufacturers and industry partners to develop and test mitigations to protect our customers. We released security updates in July, and customers who have Windows Update enabled and applied the security updates are protected automatically.”

I understand that as soon as Microsoft became aware of the issue, it worked quickly to address it and release an update as soon as possible. Microsoft works closely with both researchers and industry partners to make customers more secure, and as such did not publish details until August 6 as part of a coordinated vulnerability disclosure.

Red Hat has stated that “there is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing Spectre mitigations from previous updates.”

So, addressing the issue for Linux machines requires updates to the Linux kernel in combination with microcode updates. “Red Hat customers running affected versions of the Red Hat products are strongly recommended to update them as soon as errata are available,” Red Hat advises, “customers are urged to apply the appropriate updates immediately and reboot to mitigate this flaw correctly.”

Meanwhile, an Intel spokesperson provided the following statement via email:

“On August 6th, researchers from Bitdefender published a paper entitled “Security Implications of Speculatively Executing Segmentation Related Instructions on Intel CPUs.” As stated in their paper, Intel expects that exploits described by the researchers are addressed through the use of existing mitigation techniques. We believe strongly in the value of coordinated disclosure and value our partnership with the research community. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

How is the SWAPGS attack related to Spectre?

Like the Spectre vulnerability which dominated the headlines for so long, this new side-channel exploit takes advantage of the speculative execution functionality of modern processors. Simply put, that functionality speeds up the CPU by enabling it to make a bunch of educated guesses as to the instructions that will come at it next. Thomas Brewster has a good primer on these side-channel attacks in this Forbes article from May 22, 2018.

Where SWAPGS differs is in the attack methodology as it combines that speculative execution of instructions with the use of that previously mentioned SWAPGS instruction by Windows operating systems within a gadget.

How easily can this attack be executed?

The chances of falling victim to a SWAPGS attack now that the details have been disclosed have increased, so users are advised to apply available updates as a matter of urgency if they have not already done so. However, it should be remembered that, as Botezatu admits, “this is not your run of the mill attack against regular computers, as running the SWAPGS attack is time-consuming.”

Your average threat actor would instead rely on lucrative, and easy to execute, attack methodologies such as phishing. “On the other side, exploiting this bug from a threat actor perspective brings significant advantages,” Botezatu warns, “it circumvents anti-malware defenses and would leave no traces on the compromised system.”

The scary firmware attack surface explained

Ian Thornton-Trump, head of cybersecurity at Amtrust International, knows what this “BIOS and firmware” attack surface looks like. “To understand why it’s so scary comes down to one simple concept,” Thornton-Trump tells me, “if the firmware, BIOS and microcode layers of a computer are insecure then it is impossible to put a secure operating system on top of that.”

Indeed, when the original Spectre threat story first broke, I recall Thornton-Trump speculating that the modern CPU is actually an operating system unto itself; concluding that architectural and procedural vulnerabilities will be aggressively explored by security researchers.

“Now we have a new development in this story,” Thornton-Trump says, “inserting code into speculative execution can yield an exploit for a component of the 64-bit Windows Kernel.” What does this mean? “It means the Operating System is no longer secure because the CPU is not secure,” and the result of that is a leak of user mode data.

Which users are at most real-world risk from SWAPGS?

“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender, warned.

“I don’t think this is going to be leveraged into a WannaCry or NotPetya level of attack,” Thornton-Trump says, “and I don’t think it will be adopted by cyber-criminals with financial motivations.” These are the sort of vulnerabilities that “Government Cloud” and “Military Mega-Cloud” projects should be aware of, according to Thornton-Trump. “For people with sensitive data in virtual environments these sorts of exploits need to be considered in the threat model,” he concludes, “for the rest of us, we have far worse issues to deal with.”


I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at davey@happygeek.com if you have a story to reveal or research to share.

Source: Microsoft Confirms New Windows CPU Attack Vulnerability, Advises All Users To Update Now


Microsoft Has Some Bad News For Windows 10 Haters


Windows 10 users are plagued by ongoing problems with Windows 10 updates such as systems freezing, refusing to install if USB drives are present and even dramatic performance impacts on essential software. So perhaps it should come as no surprise that there is a large tranche of users who are refusing to make the move from Windows 7 to the Microsoft operating system flagship. According to the latest market share statistics the number of people still using Windows 7 has remained pretty static month on month. What may well surprise you is that while Windows 10 enjoyed a 44.1% share of the overall operating system market in April, Windows 7 still accounted for 36.43%. That figure hasn’t moved much at all from the 36.9% in December last year.

Microsoft obviously wants everyone to move to the latest generation of Windows and has a double-whammy of bad news for Windows 10 haters I’m afraid. Whammy number one is that Windows 7 will reach its end-of-life status on January 14 next year. Whammy number two is that it will cost you as much as $200 per year to get “extended security support” after that period. Assuming, that is, you are not a home user. I guess you could add a whammy number three in that home users will have absolutely zero options for security support post January 14, 2020.

There are plenty of very good reasons why people are reluctant to make the move to Windows 10: the hardware Windows 7 is running on might not be powerful enough or available storage could be problematical for example, but overwhelmingly it is likely to boil down to a simple dislike of Windows 10. In exactly the same way that Windows XP users steadfastly hung onto that obsolete operating system for years and refused to upgrade to Windows 7, I expect that the same will happen again as Windows 10 haters are “gonna hate” as the saying goes. Yet Windows 7 is fast approaching end of life status when free security support will come to an end. After January 14, 2020 it will cost as much as $200 per year, per PC, to upgrade to extended security support to keep it alive. And as I’ve already mentioned that’s for enterprise users only, there is no such option for home users.

The security question was widely dismissed as fake news by XP users for the longest time. I imagine a great many Windows 7 users will likewise insist it is far more secure than Windows 10. While there hasn’t been another WannaCry to highlight the problems of continuing to use unsupported operating systems, that doesn’t make Windows 7 a secure bet. Just last month Google was urging all Windows 7 users to upgrade to Windows 10 after the discovery of two zero-day vulnerabilities that could be used in tandem to take over host systems. Microsoft coughed up additional security updates for XP users in the wake of WannaCry, but Windows 7 users shouldn’t be lulled into a false sense of security by that.

I’m not going to explore all the security arguments for upgrading from Windows 7 to Windows 10, not least as SentinelOne has done a great job of detailing 32 security reasons to move to Windows 10 over at the Security Boulevard blog. I do, however, urge all Windows 7 diehards to go read that article and ponder the potential consequences of sticking with it. In order to finish this bad news story with some potential good news, it is still possible to upgrade to Windows 10 for free if you are a Windows 7 user, despite the original Get Windows 10 offer having expired in 2016. It’s a little convoluted and involves the Microsoft media creation tool, a USB (or DVD) drive and a pinch of luck, but you can find the full instructions here.


I have been covering the information security beat for three decades and have been Contributing Editor at PC Pro Magazine since the first issue way back in 1994.

Source: Microsoft Has Some Bad News For Windows 10 Haters

Microsoft Broke Windows 10 Again, Despite Warnings From Windows Insiders – Jason Evangelho


Well folks, I’m running out of ways to cleverly introduce the fact that your current build of Windows 10 may have another nasty bug. While it’s not as severe as having your documents wiped out of existence, it can still be classified as very irritating for users. That’s because the bug in question breaks file associations, preventing certain file types from opening with the default programs you choose. For example, not being able to associate Adobe Photoshop with image files, Notepad++ with text files or VLC with .mp4 files………

Read more: https://www.forbes.com/sites/jasonevangelho/2018/11/08/microsoft-broke-windows-10-again-despite-warnings-from-windows-insiders/#57b1415177ed

 

 

 

 

 
