There is a new vulnerability for Intel CPUs which could be used by attackers to get your information. Unluckily, it is not just Intel CPUs that are affected by the SWAPGS attack vulnerability. In order to mitigate this vulnerability, companies whose products are affected by SWAPGS attack release updates.

Windows computer that is running on 64-bit Intel and AMD processors may be attacked by a security vulnerability. Attackers will gain your private information such as private conversations, passwords and other information that you stored in the operating system kernel memory.

Thus, in order to mitigate the risk of this new Windows CPU attack vulnerability - SWAPGS attack, you are advised to update Windows. Read this post on the MiniTool website to get more details. 

Tip: If you want to upgrade CPU without reinstalling Windows, click to read this post.

What is SWAPGS Attack?

According to Bogdan Botezatu, director of threat research and reporting at BitDefender, this new CPU vulnerability leverages the SWAPGS instruction, so they call this vulnerability the SWAPGS attack. The SWAPGS instruction is an under-documented instruction that toggles between user-owned memory and kernel memory.

a new vulnerability for Intel CPUs SWAPGS attack

Botezatu added that all Intel CPUs which are produced from 2012 until now are vulnerable to SWAPGS attacks. This means that if inside a machine running in Windows, every Intel chip returning to its "Ivy Bridge" processor is vulnerable. 

However, it seems that Intel CPUs are not the only ones affected by the SWAPGS attack vulnerability. The threat applies to x86-64 systems that use Intel or AMD processors, according to a report released by Red Hat advisory on August 6.

An AMD spokesperson points out that AMD notes that a new study claims that privileged kernel data may be allowed to access by new speculative execution attacks. According to the external and internal analysis, AMD thinks that their products are not vulnerable to the SWAPGS variant attacks.

All AMD products are not speculating on the new GS value which follows a speculative SWAPGS. The mitigation solution for the attack that is not a SWAPGS variant is to carry out existing recommendations for Spectre variant 1 of AMD. 

Red Hat advisory also reports that they haven’t found any known way that can exploit this vulnerability on Linux kernel-based systems. Linux machines have also been affected, but they are less vulnerable to this attack since it is not very reliable, because of the operating system architecture.

Other operating system vendors have not been affected, but they are still working on similar avenues that leverage the SWAPGS attack.

Updates Released to Mitigate the SWAPGS Attack Vulnerability

Researchers of BitDefender have already been working with Intel for over a year, and they are trying to resolve the risk from this new attack that bypasses all known mitigations which implemented in early 2018 after the discovery of Spectre and Meltdown.

However, Microsoft waited until now to expose this information because it released the SWAPGS attack mitigation solution to address the vulnerability in its "Patch Tuesday" updates on July 9. Despite the best efforts of everyone involved, if an attacker knows about this vulnerability, he may be able to use it to steal confidential information. 

Microsoft is aware of this industry-wide problem and it has been working closely with industry partners and affected chip manufacturers. They are trying to develop and test an effective patch. In July, Microsoft released a security update that automatically protects customers who enable and apply Windows Update. 

As soon as Microsoft discovers the problem, it moves quickly to fix it and releases an update. Microsoft worked closely with industry partners and researchers in order to make users more secure, so it didn't release any details as part of a coordinated effort to disclose vulnerabilities until August 6. 

Red Hat says there is no known complete mitigation to address the problem.Users must update the kernel and reboot the system. 

Red Hat says that there is no known complete solution to address this problem and users have to update the kernel and reboot their system. This kernel patch is based on the existing Spectre mitigation solution in previous updates. 

Therefore, to fix this problem with Linux machines, you need to update to the Linux kernel with microcode updates. If you are running affected versions of Red Hat products, Red Hat strongly recommends you to immediately update these versions when errata are available, and urges you to apply the appropriate updates and restart immediately to properly mitigate this defect.

Tip: There is also a serious Intel security flaw – improper access control – was discovered in the Processor Diagnostic Tool, read this post to fix this issue. Patch The Intel CPU Bug In Windows 10/8.1/8/7/Server 2008 R2

Bottom Line

This post has shown you the newest vulnerability for Intel CPUs - SWAPGS attack, and it also shows that companies whose products are affected by this vulnerability are doing their best to solve the problem, and they release updates to mitigate the SWAPGS attack vulnerability.

  • Linkedin
  • Reddit