Serious design flaw 'affects all Intel chips from the last decade'

But an OS-level fix could drastically affect device performance - report

A serious design flaw reportedly present in all Intel's CPUs made in the last 10 years could leave devices vulnerable to hackers, requiring an operating system (OS) update in order to fix it.

The flaw allegedly affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux, and macOS, but is currently under embargo, meaning the full details of the bug are yet to be officially announced. 

The bug allows normal user programs, such as database applications and JavaScript in web browsers, to distinguish some of the layout or contents of protected kernel memory areas of the chips, according to The Register, which uncovered the vulnerability.

However, the major problem for users is that a patch to the flaw will actually cause significant declines in performance for the affected machines, the publication said. These slow-downs could impact performance by as much as 30%, depending on the task and the processor model, but they're reportedly still being benchmarked.

The full details of the bug are expected to be revealed later this month. Microsoft is also expected to publicly introduce the necessary changes to its Windows operating system in an upcoming Patch Tuesday this month, after seeding them to beta testers running fast-ring Windows Insider builds in November and December.

Advertisement
Advertisement - Article continues below

A software developer who runs a popular Tumblr called Python Sweetness, has blogged about the potential trouble this flaw could cause once it's made official. They warned that "from everything I've seen, including the vendors involved, many fireworks and much drama is likely" when the embargo lifts. 

"In the worst case the software fix causes huge slowdowns in typical workloads. There are hints the attack impacts common virtualisation environments including Amazon EC2 and Google Compute Engine, and additional hints the exact attack may involve a new variant of Rowhammer," they explained.

"I would not be surprised if we start 2018 with the release of the mother of all hypervisor privilege escalation bugs, or something similarly systematic as to drive so much urgency, and the presence of so many interesting names on the patch set's CC list."

An Intel spokesperson said that "many different vendors and operating systems" are vulnerable to the bug.

They added: "Intel is committed to product and customer security and is working closely with many other technology companies, including AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue promptly and constructively. Intel has begun providing software and firmware updates to mitigate these exploits. 

"Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied."

Picture: Bigstock

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019