2 min read

Intel Chips Prone to Hacks - 64-bit OSs Deemed Vulnerable

Liviu ARSENE

June 15, 2012

Intel Chips Prone to Hacks - 64-bit OSs Deemed Vulnerable

Intel CPUs are prone to hacker attacks after a vulnerability in the way they implement the SYSRET instruction was discovered in their x86-64 extension.

The vulnerability could allow hackers to execute code with kernel privileges while in a non-administrator account, or to gain control of a host operating system after escaping a virtual machine. The U.S. Computer Emergency Readiness Team (US-CERT) issued a security advisory in which it thoroughly details the vulnerability.

“Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape,” says the US-CERT.

Several x64-based operating systems like Windows 7, Windows Server 2008 R2, 64-bit FreeBSD, 64-bit NetBSD, as well as systems that include the Xen hypervisor, are exposed to this vulnerability.

While 32-bit operating systems are safe, Intel CPUs that use the Intel 64 extension need the security patches released by Microsoft in their MS12-042 security bulletin.

The VMware virtualization software does not seem affected by the vulnerability as its hypervisor doesn`t use the SYSRET instruction, making the virtualization solution safe from attacks. AMD is also on the list of vendors not affected by the privileged escalation exposure issued by US-CERT. Because the SYSRET instruction is handled differently on AMD CPUs, the CVE-2012-0217 vulnerability does not apply to these chips.

AMD processors’ SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon,said AMD. “Therefore, this privilege escalation exposure is not applicable to any AMD processor“.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks
Silviu STAHIE

July 27, 2021

1 min read
Patch your iPhones and Macs against "actively exploited" zero-day right now Patch your iPhones and Macs against "actively exploited" zero-day right now
Graham CLULEY

July 27, 2021

2 min read
Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read