Report by Bitdefender Another new vulnerability affecting Intel processors

Researchers from the security firm Bitdefender have discovered a new side channel attack based on the mechanisms of the Spectre and Meltdown attacks. Affected are Intel processors that use speculative execution.

In order to speed up the CPUs, chip manufacturers have implemented different versions of speculative execution. In this case, instructions are executed »on suspicion« before it is determined whether the instructions are actually necessary. This speculative execution can leave sensitive data in the cache, which attackers can read out to obtain passwords or secret keys, for example.

Compared to traditional cyber attacks, however, these attacks are highly complex. The attackers use certain machine commands and functions of the Windows operating system. They need to understand the internal workings of the CPU (jump prediction, out-of-order execution, speculative execution, pipeline, and caches) and the operating system internals (system calls, interrupt and exception handling, and KPTI). All processors of the »Ivy Bridge« generation and later introduced by Intel since 2012 are affected by the attack.

Details only after patch delivery by Microsoft

Unpatched 64-bit Windows operating systems are vulnerable to the attack. Because the attack deeply penetrates the system, countermeasures are difficult because they affect functions that significantly increase CPU performance. For a hundred percent defense one would have to switch off the hyperthreading consequently, write the experts of Bitdefender. However, Bitdefender has already been working with Intel and Microsoft for a year. But Bitdefender has held back the detailed report about the effectiveness of the new attack until now, because it was only on August 6, 2019 that Microsoft released a patch that modified the access of the CPU to the memory and limited the risk. The patch does not require a microcode update.

For companies that do not want to install the patch unchecked, Bitdefender recommends to outsource the workload to a hypervisor that is checked with »Hypervisor Introspection«. This is a method developed by Bitdefender in which the hypervisor instruments speculatively executed commands and ensures that vulnerable command structures are not executed speculatively. According to Bitdefender, this hypervisor introspection has only an insignificant effect on performance.