Researchers from Bitdefender have disclosed a new Windows vulnerability that can bypass the mitigations put in place to protect users from Spectre and Meltdown.
The security flaw, which was revealed at the annual Black Hat conference 2019 in Las Vegas, affects every single Windows computer running an Intel CPU dating back to 2012, regardless of which version of Windows is installed.
"The SWAPGS Attack is a novel side-channel attack that is abusing a poorly documented behaviour of a system instruction named SWAPGS to leak sensitive kernel information whilst bypassing all known side-channel attack mitigations," said Bitdefender. "Successful exploitation allows an unprivileged attacker to leak portions of the kernel memory space which are privileged."
"A successful SWAPGS attack could allow a malicious party to read system memory on your computer that should have been inaccessible," independent security analyst Graham Cluley told IT Pro. "That means an attacker could steal sensitive information such as passwords or encryption keys ... because these flaws are in your computer's chip itself, rather than in the software running on [it]."
While it's clear how the potential attack works, there's confusion among industry experts around what systems it affects. Bitdefender said it only affects Intel chips, but Red Hat said AMD chips are also affected. Microsoft disagreed slightly by saying SWAPGS Attack is a new variant of the previously mitigated Spectre V1 threat, which means Intel, AMD and ARM chips can all be hacked using this method.
"Intel, along with industry partners, determined the issue was better addressed at the software level and connected the researchers to Microsoft," Intel said in a statement. "It takes the ecosystem working together to collectively keep products and data more secure and this issue is being coordinated by Microsoft."
Red Hat said SWAPGS Attack is a "spectre-1-like" attack vector, referring to the threat named after the method which it leverages to perform attacks - "speculative execution".
Spectre exploits the way in which modern CPUs pre-empt user processes in the near future by pre-loading tasks into fast on-chip cache memory.
Using this, attackers can infer things like passwords by monitoring how long it takes the CPU to load digits a load time which differs from other digits can mean that digit is part of the password and with enough time, attackers can use this to steal lots of sensitive information.
"The good news is that attacks like this are difficult for the average cybercriminal to undertake, and there's no evidence that even state-sponsored attackers have exploited the flaw to steal information from targets," said Cluley.
"Although the flaw can be found in the architecture of Intel chips, the fix on this occasion is thankfully not to replace the CPUs inside computers but instead to apply operating system updates which mitigate the problem," he added. "Anyone who has already applied Microsoft's July 2019 patch bundle should already be protected."
Bitdefender said it has been working closely with Intel for over a year on the public disclosure of SWAPGS Attack and said that Microsoft "has or continue to assess issuing patches, as appropriate."
"We're aware of this industry-wide issue and have been working closely with affected chip manufacturers and industry partners to develop and test mitigations to protect our customers," said a Microsoft spokesperson. "We released security updates in July and customers who have Windows Update enabled and applied the security updates are protected automatically."
