Researchers Discover new Intel processor Vulnerability - the BranchScope Attack
Kaarme
How is it possible for Intel to have been working on this with the researchers? I thought the modern modus operandi is to reveal the flaw to the hardware manufacturer 24 hours before making it public? How much research can you do in 24 hours, huh?
insp1re2600
more crippling microcode due then?
Noisiv
insp1re2600
Angantyr
Wonderful... So Meltdown and Spectre exploited Branch Target Buffer (BTB) and now, BranchScope is the exploit of the CPU pattern history table (PHT).
Guess more microcode is inc... This is tiresome.
jaggerwild
"The attacker needs to have access to the targeted system and they must be able to execute arbitrary code". Isn't that the same access as the AMD fake issues? Access means I can do any number of things? Or am I missing something here?
mbk1969
* yawn *
boring...
Dragondale13
schmidtbag
Seems like yet another thing to not worry about - too difficult to exploit.
TieSKey
I haven't read the original docs but from what I get from this, you only need SO admin level to affect anything running on that hardware, you don't need physical or boot procedure access. This would mean you can run these exploits on a hired VM at Amazon or Azure and steal info from processes running on a different VM (as is the case with Spectre and Meltdown).
JamesSneed
Turanis
Another one for Windows 7 users who patched Windows against Meltdown:
Security researcher Ulf Frisk has discovered that Microsoft’s Meltdown security patch for Windows 7 and Windows Server 2008 R2 allowed normal processes to be granted full read and write access to the physical memory. This means that whoever managed to exploit the flaw would have obtained administrator privileges on vulnerable machines.
The technical analysis of the bug and the proof-of-concept exploit posted on Frisk’s blog reveal that taking advantage of the bug was not at all a complex process.
“No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required - just standard read and write!” he posted.
https://blog.frizk.net/2018/03/total-meltdown.html?m=1
tsunami231
I guess this is gonna be the new rage, let's out every single vulnerability to the public now
David3k
From what I understand, this one is pretty high threat because of the fact it can exploit SGX enclaves (basically "protected code and execution" areas) that doesn't need any form of process or code elevation: you can run it in a userland inside an SGX enclave within a VM and it can still exploit neighboring SGX enclaves AND host metal; no admin, drivers, cracked bios or firmware flashing needed, just code executing the right order of commands (works with various languages and compilers) and there isn't any kind of protected memory space at all on the system.
Fortunately, this can be fixed in software, but the OS and all programs have to patch to protect against this, so the burden is mostly on software devs who want to run securely on Intel hardware. From what I gather, this should have only marginal performance cost, but due to certain encryption assumptions being invalidated means program (and host OS) stability MAY be rocky (though shouldn't be an issue).
Honestly, to go on a bit of a tangent here, this is why I like to manually control when and IF my system updates are installed: I like to sit on patches for a week or two before I install it, just to be sure nothing undesirable happens. Though I do pick certain updates, based on their descriptions and affected areas, to install right away because I'm certain they don't cause issues and the fifteen minutes a month spent on this practice has saved me from days of downtime.
TheDeeGee
No worries, we will get yet another patch followed by another leak etc etc.
And at the end of the day with all 4792874525 patches applied our CPUs will perform like a Pentium 3.
RealNC
Screw this. I don't know about you, but I think it's time to go back to this:
https://i.imgur.com/0jtIGd7.jpg
rl66
RealNC
tsunami231
blazngun
You are spot on about gameplay tsunami. I have been saying for years that a good game can "look like crap" but still be awesome fun. Vast majority of new games look pretty but "are crap". It doesn't matter if it's flashy and polished if it's crap to play.