Intel Processor Security Flaw Prompts Kernel Makeovers in Linux, Windows

Published : 22/11/2024   Category : security




As-yet undisclosed design flaw in Intel processors has OS programmers working on kernel updates that reportedly could slow performance.



A design flaw in Intel microprocessors has Linux and Microsoft Windows developers reworking their kernels to defend against exploitation of the security bug.
Details of the flaw have not yet been made public, and Intel and Microsoft have remained mum about the chip design flaw, which was first reported by The Register this week. The report said Microsoft is expected to issue updates for Windows in next week's Patch Tuesday batch, while Linux developers have been openly working on fixes online. According to the report, the OS updates ultimately could slow performance of the systems, in some cases by five to 30%. Newer Intel processors aren't as susceptible to a performance impact, the report said.
Renowned security expert Dan Kaminsky says without the details of the flaw out yet, it doesn't make sense to theorize about its ramifications. "I think we shouldn't speculate until the bug is disclosed," Kaminsky says. "Clearly, the notable part of this is whatever it is can't be addressed in microcode."
Intel had not responded to press inquiries as of this posting, and Microsoft declined to comment.
The flaw - which reportedly affects processors in millions of computers - could allow applications, including JavaScript in a Web browser, to read protected areas of the kernel memory. 
"The kernel is designed to separate userland from sensitive kernel areas so that userland programs can't take over from the kernel itself and subvert security, for example by launching malware, stealing data, snooping on network traffic and messing with the hardware," wrote Sophos security analyst Paul Ducklin in a post today.
The new Linux patch will isolate the kernel memory from the user process via the so-called Kernel Page Table Isolation, KPTI. 
"This security fix is especially relevant for multi-user computers, such as servers running several virtual machines, where individual users or guest operating systems could use this trick to 'reach out' to other parts of the system, such as the host operating system, or other guests on the same physical server," Ducklin explained.
The risk of attack on appliances or endpoints such as a laptop appears to be low, he said, because an attacker would have to run code on the targeted machine to exploit it.
"On shared computers such as multiuser build servers or hosting services that run several different customers' virtual machines on the same physical hardware, the risks are much greater: the host kernel is there to keep different users apart, not merely to keep different programs run by one user apart," Ducklin said.
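An added example, not from the original article or from any vendor: a shell check of whether KPTI is active on a Linux x86 host, the kind of audit an operator of the shared servers described above would run. It assumes the kernel advertises a `pti` flag in `/proc/cpuinfo` and honours the `nopti`, `pti=off` and `mitigations=off` boot parameters; the function names and sample hosts are hypothetical and the sample inputs are constructed.

```shell
#!/usr/bin/env bash
# Report whether Kernel Page Table Isolation (KPTI) is active.
# Paths default to the live system but can point at copies collected
# from other hosts, so one machine can audit a fleet.
kpti_status() {
    local cpuinfo="${1:-/proc/cpuinfo}" cmdline="${2:-/proc/cmdline}"
    local flags param

    # A boot parameter can switch isolation off (often done to win back
    # performance); report which one so the opt-out can be reviewed.
    for param in $(cat "$cmdline"); do
        case "$param" in
            nopti|pti=off|mitigations=off)
                echo "disabled-by-boot-parameter:$param"; return 0 ;;
        esac
    done

    # Kernels running with KPTI expose a synthetic "pti" CPU flag.
    flags=$(grep -m1 '^flags' "$cpuinfo" | cut -d: -f2)
    case " $flags " in
        *" pti "*) echo "enabled" ;;
        # Unpatched kernel, or a CPU the kernel does not isolate for.
        *)         echo "not-active" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
write_sample() {  # write_sample DIR "cpu flags" "kernel command line"
    mkdir -p "$1"
    printf 'processor\t: 0\nflags\t\t: %s\n' "$2" > "$1/cpuinfo"
    printf '%s\n' "$3" > "$1/cmdline"
}

tmp=$(mktemp -d)
write_sample "$tmp/patched"   "fpu vme pcid pti" "BOOT_IMAGE=/vmlinuz ro quiet"
write_sample "$tmp/optout"    "fpu vme pcid"     "BOOT_IMAGE=/vmlinuz ro nopti"
write_sample "$tmp/unpatched" "fpu vme pcid"     "BOOT_IMAGE=/vmlinuz ro quiet"
for host in patched optout unpatched; do
    printf '%-10s %s\n' "$host" \
        "$(kpti_status "$tmp/$host/cpuinfo" "$tmp/$host/cmdline")"
done
rm -rf "$tmp"
```

Called with no arguments, `kpti_status` reads the running system's own `/proc` files.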
Intel has been under the security microscope several times in the past year, starting with its May 2017 disclosure of a critical privilege-escalation bug in its Active Management Technology (AMT) firmware used in many Intel chips that affected AMT firmware versions dating back to 2010. It's up to hardware OEMs to update their platforms with Intel's fix.
The AMT vulnerability, discovered by security vendor Embedi, gives attackers a way to access the AMT functionality without the need to authenticate to it first. The flaw allows an attacker to remotely delete or reinstall the operating system on a vulnerable system, or control the mouse and keyboard, for instance.
Last fall, Intel patched a vulnerability in its microprocessors that could be used by an attacker to burrow deep inside a machine and control processes and access data - even when a laptop, workstation, or server is powered down. Researchers from Positive Technologies first discovered the flaw, a stack buffer overflow bug in the Intel Management Engine (ME) 11 system that's found in most Intel chips shipped since 2015. ME, which contains its own operating system, is a system efficiency feature that runs during startup and while the computer is on or asleep, and handles much of the communications between the processor and external devices.
And now the Intel design flaw, the details of which remain a mystery. "This flaw has existed for years and has been documented about for months, at least, so there is no need to panic; nevertheless, we recommend that you keep your eyes out for patches for the operating systems you use, probably in the course of January 2018, and that you apply them as soon as you can," Sophos' Ducklin advised.
The flaw also reportedly affects cloud services such as Amazon EC2, Microsoft Azure, and Google Compute Engine. "Amazon just sent a notice about a major security update and EC2 is scheduled to reboot this Friday," said Chris Morales, head of security analytics at Vectra. "If the Azure and Amazon reboots are related to the Intel flaw, it would demonstrate how far reaching the impact is. A phrase like 'the cloud is rebooting' is not something that anyone has had to say before, and it reminds me of the kind of far reaching impact that Y2K was feared to have had."