Google and Microsoft Reveal New Spectre Attack

    #193556

    Google and Microsoft Reveal New Spectre Attack
    By Catalin Cimpanu | May 21, 2018

     
    Security researchers from Google and Microsoft have found two new variants of the Spectre attack that affect processors made by AMD, ARM, IBM, and Intel.

    Rumors about this new flaw leaked online at the start of the month in a German magazine, but actual details were published today.

    AMD, ARM, IBM, Intel, Microsoft, Red Hat and Ubuntu have published security advisories at the time of writing, containing explanations of how the bugs work, along with mitigation advice.

    Bug known as SpectreNG

    The bugs —referred to in the past weeks as SpectreNG— are related to the previous Meltdown and Spectre bugs discovered last year and announced at the start of 2018.

    Both Google and Microsoft researchers discovered the bug independently. The bugs work similarly to the Meltdown and Spectre bugs, a reason why they were classified as “variant 3a” and “variant 4” instead of separate vulnerabilities altogether.

    Variant 1: bounds check bypass (CVE-2017-5753) aka Spectre v1
    Variant 2: branch target injection (CVE-2017-5715) aka Spectre v2
    Variant 3: rogue data cache load (CVE-2017-5754) aka Meltdown
    Variant 3a: rogue system register read (CVE-2018-3640)
    Variant 4: speculative store bypass (CVE-2018-3639)

     
    Read the full article here

    #193559

      Spectre chip security vulnerability strikes again; patches incoming

      A Google developer discovered a new way that a ‘Spectre’-style check can be used to attack any computer running any operating system.

      By Steven J. Vaughan-Nichols | May 22, 2018

       
      After the first-wave of Spectre and Meltdown attacks were conquered, people relaxed. That was a mistake.

      Since the CPU vulnerabilities Spectre and Meltdown showed an entirely new way to attack systems, security experts knew it was only a matter of time until new assault methods would be found.

      They’ve been found.

      AMD and ARM have also both addressed these problems. At this time, Microsoft states, “We are not aware of any exploitable code patterns of this vulnerability class in our software or cloud service infrastructure, but we are continuing to investigate.”

      Red Hat, however, admitted that this vulnerability could be used against Linux systems. Red Hat suggested, “To fully mitigate this vulnerability, system administrators must apply both hardware “microcode” updates and software patches that enable new functionality. At this time, microprocessor microcode will be delivered by the individual manufacturers, but at a future time Red Hat will release the tested and signed updates as we receive them.”

      Other operating system vendors will be issuing patches shortly.

      How bad is it? Red Hat rates it as Important. That seems about right to me. It would take a local user and some effort to exploit this hole, but it’s perfectly doable.

      It’s worth keeping in mind that a “local” user doesn’t have to be someone logged into a server.

       
      Read the full article here

    #193579

      Here comes the next Spectre vulnerability (Spectre V4 CPU)
      by Martin Brinkmann | May 22, 2018

       
      If you thought that you are done patching your devices against Meltdown or Spectre exploits, you might want to reconsider. Patches for some hardware configurations and operating systems were released by Microsoft, Intel and hardware manufacturers ever since the vulnerabilities were revealed in early 2018.

      The web browser is the most likely attack vector for Variant 4 as the researchers demonstrated the vulnerability in a language-based runtime environment.

      Like the other GPZ variants, Variant 4 uses speculative execution, a feature common to most modern processor architectures, to potentially expose certain kinds of data through a side channel. In this case, the researchers demonstrated Variant 4 in a language-based runtime environment. While we are not aware of a successful browser exploit, the most common use of runtimes, like JavaScript, is in web browsers.

      Intel is not aware of exploits in the wild and believes that mitigations deployed by browser developers to protect or mitigate against previous Spectre variants help mitigate Spectre Variant 4 attacks as well.

       
      Read the full article here

    #193590

      Ask yourself: Who stands to make money by getting everyone hyped up with headlines like…

      people relaxed. That was a mistake.

      and

      If you thought that you are done patching your devices against Meltdown or Spectre exploits, you might want to reconsider.

      It strikes me again and again that “Spectre” and “Meltdown” are first and foremost tools to manipulate the masses, used by those trying to make money in “security”. Woody called it right with his very first response to the Meltdown and Spectre introduction. These are vulnerabilities with an all too well-developed marketing campaign.

      -Noel

      #193882

        Noel is right and Woody got it right. Mass hysteria is a perfect way to give PC users a reason to buy new. This makes for great apocalyptic-type news even though this hardware design has been around a long while. But let's slow our PC down just in case with flaky firmware tricks that may not even be effective but cause system issues and slowdowns. Isn't that what a PC market needs: not only a big threat to existing technology, but something that also throttles your PC?

    #193880

      Not that concerned about any of this as yet. Nothing in the wild is even attempting to exploit these variants. Spectre 4 isn't even going to get a forced firmware update, and for the ones that do get released, the fix is an opt-in option. Not only that, but Dell says firmware won't be out until July or August for most PCs. I think they learned their lesson from the January fiasco of bad firmware releases. We already have browsers dealing with JavaScript, and the OS is handling much of the other risk management with this. Yeah, I can see how the PC makers stand to benefit greatly once the CPUs get redesigned to protect against this. So keeping up the hysteria makes sense in the long run. Personally, I have yet to see anything really to be concerned about.

    #194010

      Ask yourself: Who stands to make money by getting everyone hyped up with headlines like…

      people relaxed. That was a mistake.

      and

      If you thought that you are done patching your devices against Meltdown or Spectre exploits, you might want to reconsider.

      It strikes me again and again that “Spectre” and “Meltdown” are first and foremost tools to manipulate the masses, used by those trying to make money in “security”. Woody called it right with his very first response to the Meltdown and Spectre introduction. These are vulnerabilities with an all too well-developed marketing campaign. -Noel

      And all of this “Spectre” and “Meltdown” business also seems to be giving Microsoft another “weapon” in its seemingly never-ending quest to kill off Windows 7 and force everyone (or as many people as it can) onto Windows 10.

      For example, the slowdowns experienced by Windows 7 with the Spectre/Meltdown patches apparently don’t affect Windows 10. How convenient for MS.

      As others have said in the past, the GWX “campaign” never really ended. MS has just changed tactics. Definitely a well orchestrated plan, in my opinion.

    #194043

      INTEL-SA-00115: Q2 2018 Speculative Execution Side Channel Update
      https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html

       
      Summary:
      Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems.

      Affected Products (listed)

      Recommendations:
      Most leading browser providers have recently deployed mitigations in their Managed Runtimes – mitigations that substantially increase the difficulty of exploiting side channels in a modern web browser. These techniques would likewise increase the difficulty of exploiting a side channel in a browser based on SSB.

      Intel has released Beta microcode updates to operating system vendors, equipment manufacturers, and other ecosystem partners adding support for Speculative Store Bypass Disable (SSBD). SSBD provides additional protection by providing a means for system software to completely inhibit a Speculative Store Bypass from occurring if desired. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. Most major operating system and hypervisors will add support for Speculative Store Bypass Disable (SSBD) starting as early as May 21, 2018.

      The microcode updates will also address Rogue System Register Read (RSRR) – CVE-2018-3640 by ensuring that RDMSR instructions will not speculatively return data under certain conditions. This is documented in whitepapers located at Intel’s Software Side-Channel Security site. No operating system or hypervisor changes are required to support the RDMSR change.

      It is expected beta microcode updates will be fully production qualified in the coming weeks. Intel recommends end users and systems administrators check with their OEM and system software vendors and apply any available updates as soon as practical.

       
      Read the full article here
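A practical follow-up to the Intel and Red Hat advice quoted in this thread (microcode plus kernel support, with SSBD something "system software" turns on): the program below is an added example written for this page, not code from any of the posts or from Intel's advisory. It checks a Linux host for the three pieces of the Variant 4 mitigation, namely the kernel's own verdict in /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, whether the CPU microcode advertises an SSBD control in /proc/cpuinfo, and whether the calling process can opt into SSBD through prctl(PR_SET_SPECULATION_CTRL). It assumes a Linux 4.17 or later kernel for the sysfs entry and the prctl option; the PR_* constants are the kernel's own values from linux/prctl.h, defined locally in case the C library headers are older. The status strings and flag lines in the comments and checks are constructed for illustration.

```c
/* Added example (not from the thread or Intel's advisory): report whether a
 * Linux host has the CVE-2018-3639 (Speculative Store Bypass) mitigation in
 * place and opt the calling process into SSBD through prctl(2).
 * Assumes Linux 4.17+ for the sysfs entry and PR_SET_SPECULATION_CTRL. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Values from the kernel's include/uapi/linux/prctl.h, defined here in case
 * the C library headers predate them. */
#ifndef PR_GET_SPECULATION_CTRL
#define PR_GET_SPECULATION_CTRL 52
#define PR_SET_SPECULATION_CTRL 53
#define PR_SPEC_STORE_BYPASS    0
#define PR_SPEC_NOT_AFFECTED    0
#define PR_SPEC_PRCTL           (1UL << 0)
#define PR_SPEC_ENABLE          (1UL << 1)
#define PR_SPEC_DISABLE         (1UL << 2)
#endif

enum ssb_state { SSB_UNKNOWN, SSB_NOT_AFFECTED, SSB_VULNERABLE, SSB_MITIGATED };

/* Classify the one-line status the kernel reports in
 * /sys/devices/system/cpu/vulnerabilities/spec_store_bypass, e.g. the
 * (constructed) "Mitigation: Speculative Store Bypass disabled via prctl". */
enum ssb_state classify_ssb_sysfs(const char *s)
{
    if (s == NULL)                           return SSB_UNKNOWN;
    if (strncmp(s, "Not affected", 12) == 0) return SSB_NOT_AFFECTED;
    if (strncmp(s, "Vulnerable", 10) == 0)   return SSB_VULNERABLE;
    if (strncmp(s, "Mitigation:", 11) == 0)  return SSB_MITIGATED;
    return SSB_UNKNOWN;
}

/* Return 1 if a /proc/cpuinfo "flags" line advertises an SSBD control:
 * "ssbd" (Intel microcode, as in the advisory), "amd_ssbd", or "virt_ssbd"
 * (hypervisor-provided). Absence means the microcode update is not present. */
int flags_have_ssbd(const char *flags_line)
{
    char copy[4096];
    strncpy(copy, flags_line, sizeof copy - 1);
    copy[sizeof copy - 1] = '\0';
    for (char *tok = strtok(copy, " \t\n"); tok != NULL; tok = strtok(NULL, " \t\n"))
        if (strcmp(tok, "ssbd") == 0 || strcmp(tok, "amd_ssbd") == 0 ||
            strcmp(tok, "virt_ssbd") == 0)
            return 1;
    return 0;
}

/* Read the first line of a file into buf without its newline.
 * Returns 1 on success, 0 if the file is absent or empty. */
static int read_first_line(const char *path, char *buf, size_t len)
{
    FILE *f = fopen(path, "r");
    if (f == NULL) return 0;
    int ok = fgets(buf, (int)len, f) != NULL;
    fclose(f);
    if (ok) buf[strcspn(buf, "\n")] = '\0';
    return ok;
}

/* Read the "flags" line of the first CPU from /proc/cpuinfo. Returns 1 on success. */
static int read_cpu_flags(char *buf, size_t len)
{
    FILE *f = fopen("/proc/cpuinfo", "r");
    if (f == NULL) return 0;
    int found = 0;
    while (fgets(buf, (int)len, f) != NULL)
        if (strncmp(buf, "flags", 5) == 0) { found = 1; break; }
    fclose(f);
    return found;
}

/* Query this process's SSB state and, when the kernel offers opt-in control
 * (PR_SPEC_PRCTL), disable speculative store bypass for this process and the
 * children it forks afterwards. Returns the resulting PR_SPEC_* mask, or -1
 * with errno set when the kernel has no such control (older kernel, non-Linux). */
long ssb_disable_for_self(void)
{
#ifdef __linux__
    long st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    if (st < 0) return -1;                                  /* EINVAL on kernels < 4.17 */
    if (st == PR_SPEC_NOT_AFFECTED || (st & PR_SPEC_DISABLE)) return st; /* nothing to do */
    if (st & PR_SPEC_PRCTL) {
        if (prctl(PR_SET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, PR_SPEC_DISABLE, 0, 0) < 0)
            return -1;
        st = prctl(PR_GET_SPECULATION_CTRL, PR_SPEC_STORE_BYPASS, 0, 0, 0);
    }
    return st;   /* PR_SPEC_ENABLE without PR_SPEC_PRCTL: kernel gives no per-process control */
#else
    errno = ENOSYS;
    return -1;
#endif
}

int main(void)
{
    char line[4096];
    const char *names[] = { "unknown", "not affected", "VULNERABLE", "mitigated" };

    if (read_first_line("/sys/devices/system/cpu/vulnerabilities/spec_store_bypass", line, sizeof line))
        printf("kernel status : %s (%s)\n", names[classify_ssb_sysfs(line)], line);
    else
        printf("kernel status : no sysfs entry (kernel predates SSB reporting)\n");

    if (read_cpu_flags(line, sizeof line))
        printf("microcode SSBD: %s\n", flags_have_ssbd(line) ? "advertised" : "NOT advertised");

    long st = ssb_disable_for_self();
    if (st < 0)
        printf("prctl control : unavailable (%s)\n", strerror(errno));
    else
        printf("prctl control : %s for this process\n",
               (st == PR_SPEC_NOT_AFFECTED || (st & PR_SPEC_DISABLE)) ? "SSB disabled" : "SSB still enabled");
    return 0;
}
```

Build with `cc -std=c99 -Wall ssbcheck.c -o ssbcheck` and run it as an ordinary user. A sysfs line that reads "Mitigation: ... via prctl and seccomp" is the case to read carefully: in those kernel modes SSB stays enabled for every process by default and is only switched off for processes that ask through this prctl (or, in seccomp mode, that are already under a seccomp filter), which is what the advisory's "a means for system software to completely inhibit a Speculative Store Bypass ... if desired" amounts to in practice. The "microcode SSBD: NOT advertised" line on a machine whose kernel is otherwise patched is the "both microcode and software patches" gap that Red Hat's statement in this thread describes.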