Intel Processor Security Vulnerability (aka “Memory Sinkhole”)

Topic

New Reply

Note: Intel chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected.

I stumbled across this one when I was checking to see if my systems were subject to being flipped to UEFI (they aren’t) when I saw mentioned “Creators Update will bring simplified IT … in-place UEFI conversion“. See Intel Processor Security Vulnerability (aka “Memory Sinkhole”) and Intel left a fascinating security flaw in its chips for 16 years – here’s how to exploit it  and also Mitigations to the “Memory Sinkhole”.

For my systems HP had some mitigations in the System BIOS for my systems by way of SP73556 and SP73578:

TITLE: ROM Firmware for HP Compaq 6000 Pro (786G2)
PURPOSE: Critical
SOFTPAQ FILE NAME: SP73556.exe

TITLE: ROM Firmware for HP Compaq 8000 Elite (786G7)
PURPOSE: Critical
SOFTPAQ FILE NAME: SP73578.exe

Both show this:

ENHANCEMENTS:
– Provides mitigation to the “Memory Sinkhole” issue affecting certain Intel processors based on older Intel micro-architectures.
** HP strongly recommends promptly transitioning to this updated BIOS version which supersedes all previous releases. **

I have now updated all of my System BIOS by running the provided HPQFlash.exe in an administrator console command window. As a result, on my system the System BIOS versions have changed as follows:
“Hewlett-Packard 786G2 v01.17, 8/25/2010” -> “Hewlett-Packard 786G2 v02.03, 10/19/2015”
“Hewlett-Packard 786G7 v01.02, 10/22/2009” -> “Hewlett-Packard 786G7 v01.14 10/14/2015”

SP73578’s History.txt shows:
Version 1.02 – Initial BIOS Version

Among other things, Windows 10’s systeminfo reports “BIOS Version”, so Microsoft most certainly has had access to this in all of its data collection. If Microsoft wanted to, they certainly could have advised that a newer “BIOS Version” version update was available. That would have been helpful.

HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB

1 user thanked author for this post.

Noel Carboni

Reply | Quote

Replies

For the sake of international clarity, I take it your heading

since 2016/08/06

refers to 2016/Aug/06, rather than 2016/08/Jun?

1 user thanked author for this post.

EyesOnWindows

Reply | Quote

Note to self–don’t change post title after posting–the post gets lost also don’t make the title so long!

@Kristy: I tried to cram too much into the title and made a mess; “since 2016/08/06” should have been “originally reported on August 6th, 2015” but it did not fit! The actual flaw was introduced in 1995, in the Pentium Pro.

Note: Intel chips built from January 2011 and onwards (Sandy Bridge Core CPUs and later) are not affected.

I stumbled across this one when I was checking to see if my systems were subject to being flipped to UEFI (they aren’t) when I saw mentioned “Creators Update will bring simplified IT … in-place UEFI conversion“. See Intel Processor Security Vulnerability (aka “Memory Sinkhole”) and Intel left a fascinating security flaw in its chips for 16 years – here’s how to exploit it  and also Mitigations to the “Memory Sinkhole”.

For my systems HP had some mitigations in the System BIOS for my systems by way of SP73556 and SP73578:

TITLE: ROM Firmware for HP Compaq 6000 Pro (786G2)
PURPOSE: Critical
SOFTPAQ FILE NAME: SP73556.exe

TITLE: ROM Firmware for HP Compaq 8000 Elite (786G7)
PURPOSE: Critical
SOFTPAQ FILE NAME: SP73578.exe

Both show this:

ENHANCEMENTS:
– Provides mitigation to the “Memory Sinkhole” issue affecting certain Intel processors based on older Intel micro-architectures.
** HP strongly recommends promptly transitioning to this updated BIOS version which supersedes all previous releases. **

I have now updated all of my System BIOS by running the provided HPQFlash.exe in an administrator console command window. As a result, on my system the System BIOS versions have changed as follows:
“Hewlett-Packard 786G2 v01.17, 8/25/2010” -> “Hewlett-Packard 786G2 v02.03, 10/19/2015”
“Hewlett-Packard 786G7 v01.02, 10/22/2009” -> “Hewlett-Packard 786G7 v01.14 10/14/2015”

SP73578’s History.txt shows:
Version 1.02 – Initial BIOS Version

Among other things, Windows 10’s systeminfo reports “BIOS Version”, so Microsoft most certainly has had access to this in all of its data collection. If Microsoft wanted to, they certainly could have advised that a newer “BIOS Version” version update was available. That would have been helpful.

HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB

Reply | Quote

Thanks for the clarification (I’ve edited the heading, so the above discussion may not make total sense to readers).

1 user thanked author for this post.

EyesOnWindows

Reply | Quote

@Kristy: I tried to cram too much into the title and made a mess; “since 2016/08/06” should have been “originally reported on August 6th, 2015” but it did not fit! The actual flaw was introduced in 1995, in the Pentium Pro.

Since the post magically disappeared, I re-posted with a a shorter title. Seems it is back now with the same URL and the title change I had made. Extra strange to be able out pace technology!

HP Compaq 6000 Pro SFF PC / Windows 10 Pro / 22H2
Intel®Core™2 “Wolfdale” E8400 3.0 GHz / 8.00 GB
HP ProDesk 400 G5 SFF PC / Windows 11 Pro / 23H2
Intel®Core™ “Coffee Lake” i3-8100 3.6 GHz / 16.00 GB

Reply | Quote

This kind of issue – one so severe that even the “an ounce of prevention…” adage doesn’t apply because once the malware is in there IS no cure – is a good illustration of why most people need to harden their security postures to make all the more sure that they stay completely away from malware.

-Noel

Reply | Quote