Just over a year and a half after the disclosure of the Meltdown and Spectre vulnerabilities, which enabled new side-channel attacks against various processors from Intel and other vendors, new related approaches have once again been discovered. Cleaning up after the first discoveries is still ongoing.
The research laboratory of the Romanian antivirus manufacturer Bitdefender spent a year researching the vulnerability and working with Intel and Microsoft to address it. It will be revealed on Wednesday at the 2019 Black Hat USA Security Conference in Las Vegas.
The vulnerability, which has not yet been given a catchy name, combines speculative execution with the use of a specific instruction by the Windows operating system within so-called gadgets (code snippets). These can be used to spy on otherwise inaccessible memory locations (leakage gadgets) or to send this information over the network (broadcast gadgets).
Exploitable only on Windows
The new attack bypasses all known defenses that have been implemented since Spectre and Meltdown in the spring of 2018. It affects all current Intel processors (Ivy Bridge or later), but so far it only works on Windows operating systems. Microsoft has already created the necessary patches.
Vulnerabilities that make information in protected areas readable or open to manipulation through speculative execution and various kinds of side channels have come to light regularly since 2018, most recently in May of this year. Some, like the current one, are easier to patch; others are harder.
More details about the new vulnerability can be found in a blog post. A summary of the attack and how to mitigate it is posted on a separate page.