A speculative execution vulnerability has been discovered by BitDefender researchers in systems running Intel modems built since 2012.
SWAPGS vulnerability allows a malware-ridden program to access the computer’s kernel memory. This, in turn, allows the hacker to read sensitive data such as passwords, chat messages, e-mails, payment information and more.
At the BlackHat conference 2019, many vendors such as Google, Microsoft, Red Hat, and Intel released an advisory regarding the vulnerability.
Back in July 2019, Microsoft quietly released a fix for this speculative vulnerability under “Patch Tuesday.” If you have updated your system with new security updates, then you are already protected from the vulnerability.
What is SWAPGS vulnerability?
The hardware vulnerability that bypasses Spectre and Meltdown protections was initially discovered by Andrei Vlad Lutas of Bitdefender, back in 2018. Following this, the researchers reported the vulnerability to Intel. After working with Microsoft and Intel, the team decided to reveal the vulnerability at the ongoing BlackHat conference.
Systems with the latest Intel processors include a feature called speculative execution. The feature increases the performance of the CPU by executing instructions before they are needed.
However, speculative execution leaves traces in the cache memory, allowing hackers to easily target the instructions stored in the protected kernel memory via side-channel attacks.
The attack exploits the SWAPGS instructions; once tampered with, it can leak a lot of sensitive information from Kernel’s memory.
What do Microsoft, Google, and AMD have to say?
As I mentioned above, the July Patch from Microsoft has already fixed the vulnerability for all the Intel running systems. “Customers who have Windows Update enabled and have applied the security updates released on July 9, 2019, are protected automatically. There is no further configuration necessary,” writes Microsoft in its post.
Meanwhile, Intel believes that it would be best if the vulnerability is fixed on the software level. In its post, the tech giant confirmed that they were working with Microsoft on the issue.
As noted by Bleeping Computer, Google has added a vulnerability fix in ChromeOS 4.19 which will soon be released for all Chromebooks.
Interestingly, AMD believes they have not been affected by the SWAPGS vulnerability. “AMD products are designed not to speculate on the new GS value following a speculative SWAPGS.
On the other hand, BitDefender has released a detailed behavior analysis of the SWAGPS attack which you can read here.
