1 min read

Intel Fixes Dangerous Plundervolt Vulnerability

Silviu STAHIE

December 13, 2019

Intel Fixes Dangerous Plundervolt Vulnerability

Intel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200.

Security researchers identified a vulnerability in Intel Software Guard Extensions (Intel SGX), which is a piece of architecture embedded in several Intel processors that allows users (including the OS) to store essential code in protected enclaves, akin to a vault. Attackers obtained the cryptography key for the encrypted SGX data by lowering the voltage, compromising any system.

“A potential security vulnerability in some Intel Processors may allow escalation of privilege and/or information disclosure. Intel has released firmware updates to system manufacturers to mitigate this potential vulnerability,” states Intel”s advisory. “Improper conditions check in voltage settings for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure via local access.”

According to a DarkReading report, attackers undervolted the SGX systems, which allowed them to recover the AES encryption key. The patch issued by Intel disallows this for SGX, and the company promised to give users with an SGX TCB key recovery solution, which should arrive in Q1 2020.

Several universities were involved in the research, including the University of Birmingham, Technische Universität Darmstadt, University of Maryland, University of Maryland, and Tsinghua University.

The patch can only be integrated at the Bios level, which means that users will have to install Bios updates as they become available from manufacturers. Unfortunately, since Bios updates are never installed automatically, many people will remain vulnerable to this exploit until they upgrade to a new motherboard.

Each new motherboard in production right now will ship with the patch already installed, so customers should check if there is a different revision for their hardware.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks FBI Warns that Tokyo 2020 Summer Olympics Is Prime Target for Cyberattacks
Silviu STAHIE

July 27, 2021

1 min read
Patch your iPhones and Macs against "actively exploited" zero-day right now Patch your iPhones and Macs against "actively exploited" zero-day right now
Graham CLULEY

July 27, 2021

2 min read
Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read