1 min read

Intel Fixes Dangerous Plundervolt Vulnerability

Silviu STAHIE

December 13, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Intel Fixes Dangerous Plundervolt Vulnerability

Intel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200.

Security researchers identified a vulnerability in Intel Software Guard Extensions (Intel SGX), which is a piece of architecture embedded in several Intel processors that allows users (including the OS) to store essential code in protected enclaves, akin to a vault. Attackers obtained the cryptography key for the encrypted SGX data by lowering the voltage, compromising any system.

“A potential security vulnerability in some Intel Processors may allow escalation of privilege and/or information disclosure. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability,” states Intel”s advisory. “Improper conditions check in voltage settings for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access.”

According to a DarkReading report, attackers undervolted the SGX systems, which allowed them to recover the AES encryption key. The patch issued by Intel disallows this for SGX, and the company promised to give users with an SGX TCB key recovery solution, which should arrive in Q1 2020.

Several universities were involved in the research, including the University of Birmingham, Technische Universität Darmstadt, University of Maryland, University of Maryland, and Tsinghua University.

The patch can only be integrated at the Bios level, which means that users will have to install Bios updates as they become available from manufacturers. Unfortunately, since Bios updates are never installed automatically, many people will remain vulnerable to this exploit until they upgrade to a new motherboard.

Each new motherboard in production right now will ship with the patch already installed, so customers should check if there is a different revision for their hardware.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read