author: Bart Swiatek
SWAPGS - New Vulnerability Detected in Intel Processors
BitDefender experts have found another CPU security gap, dubbed as SWAPGS. The problem is likely to be limited to Intel CPUs of Ivy Bridge generation or later, although some researchers suggest that AMD products may also be susceptible to the exploit.
In a nutshell:
- SWAPGS is a new vulnerability in CPUs, which can be used for extraction of sensitive data;
- Intel's units are mainly vulnerable, although some experts also point to the vulnerability of AMD products;
- Microsoft has already released a patch for Windows that solves the problem.
According to TechSpot, BitDefender's experts detected another vulnerability in Intel processors. It is known as SWAPGS and is based on the weaknesses of speculative execution mechanisms. PCs with Windows and Linux running on Ivy Bridge family or newer CPUs are at risk. Using the exploit one can learn passwords or encryption keys. Using SWAPGS requires physical access to the computer, which means that majority of private users have little to worry about.
It is worth noting that the gap was detected already over a year ago. The specialists spent this time working with the processor manufacturer to find a solution.
"After assessing this issue with industry partners, we determined that the best mitigation would be at the software layer. Microsoft agreed to coordinate remediation efforts, working with the researchers and other industry partners. Microsoft released their software update to address this issue in July 2019 and today published their advisory as part of the CVD process.
Some Linux* OS vendors may elect to release updates for their products. Please check with your Linux OS vendor for details," reads Intel's statement.
If you have one of the vulnerable processors, we recommend that you install this Windows update (released on July 9). It is worth noting that according to Red Hat, AMD processors may also be vulnerable. However, Dr. Lisa Su rejected this possibility in a recent statement.
"AMD is aware of new research claiming new speculative execution attacks that may allow access to privileged kernel data. Based on external and internal analysis, AMD believes it is not vulnerable to the SWAPGS variant attacks because AMD products are designed not to speculate on the new GS value following a speculative SWAPGS. For the attack that is not a SWAPGS variant, the mitigation is to implement our existing recommendations for Spectre variant 1," reads AMD's statement.