Microsoft quietly fixes SWAPGS processor vulnerability to protect Windows users
It has been revealed that Microsoft silently pushed out a patch to Windows users to fix a vulnerability that affected Intel CPUs produced since 2012 -- which means everything post Ivy Bridge chips.
The SWAPGS vulnerability is similar to the now-famous Spectre and Meltdown chip flaws, and was discovered by security firm Bitdefender a year ago; the fact that it has now been patched was only revealed at the BlackHat security conference. Red Hat says that an update to the Linux kernel is needed to protect against the flaw which it says affects both Intel and AMD chips, although Bitdefender has not been able to find any issues with AMD's processors.
Microsoft's patch was released as part of last month's Patch Tuesday, and it fully addresses CVE-2019-1125 without the need for micropatching. Bitdefender says that it is possible that older Intel chips are also vulnerable, but has not been able to prove this as yet. The company has only tested a very limited number of AMD processors, so it is not clear if Red Hat's suggestion that they are also vulnerable is correct.
The Linux-distro maker says:
Red Hat has been made aware of an additional spectre-V1 like attack vector, requiring updates to the Linux kernel. This additional attack vector builds on existing software fixes shipped in previous kernel updates. This vulnerability only applies to x86-64 systems using either Intel or AMD processors.
This issue has been assigned CVE-2019-1125 and is rated Moderate.
An unprivileged local attacker can use these flaws to bypass conventional memory security restrictions to gain read access to privileged memory that would otherwise be inaccessible.
The company goes on to say:
There is no known complete mitigation other than updating the kernel and rebooting the system. This kernel patch builds on existing spectre mitigations from previous updates.
Customers are advised to take a risk-based approach to mitigate this issue. Systems that require high degrees of security and trust should be addressed first and isolated from untrusted systems until treatments can be applied to those systems to reduce the risk of exploit.
Note that based on industry feedback, we are not aware of any known way to exploit this vulnerability on Linux kernel-based systems.
AMD has issued a statement saying:
AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1.
Bitdefender has created a video explaining more about the vulnerability:
The company has also set up a page dedicated to the Critical SWAPGS Attack where you can track further news and developments.