Another Serious Processor Flaw Requires Immediate Updates
By: Jim Stickley and Tina Davis
August 11, 2019
Windows operating system users need to be aware of a security vulnerability that affects all 64-bit Intel processors, as well as AMD. If this is exploited, an attacker could get access to passwords, conversations, and other information that is stored in the operating system’s kernel memory. It’s called a SWAPGS attack, which is because of how it works. The significant takeaway, however, is that if you have not updated your Windows operating system in a while, you should get on it now.
All Intel CPUs that were manufactured between 2012 and now are vulnerable to this. According to Red Hat, it also applies to x86-64 systems using AMD processors, though AMD disputes it.
Bitdefender researchers have been working with Intel on this for some time. However, it just recently disclosed it because Microsoft has released a patch to address it. It came out in the July 9 “Patch Tuesday” update. Be sure to get that one on your computer, if you haven’t done so already. It is generally a good idea to turn on the automatic updates feature to ensure patches are applied as soon as they do come out.
Red Hat users are also advised to update the Linux kernel and microcode updates as soon as possible.
On a positive note, this type of attack takes some time. So, it’s less likely it will be widespread at this time, even though the cat is now out of the bag. That said, a well-designed phishing scheme could do the trick. So, be on the lookout for those phishing email messages. Though many companies have software to filter out much of the spam, if a message is crafted well enough, it can easily bypass those and make it into the end user’s email box. Then, it’s up to that user to detect and delete it.
This is similar to the Spectre threat that took up headlines last year in that if either of them compromises your CPU, it is next to impossible to make that computer secure again…at least without significant effort.