AMD and Microsoft release microcode and operating system updates against Spectre flaw

AMD and Microsoft release microcode and operating system updates against Spectre flaw

AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday.

AMD and Microsoft released the microcode and security updates for Spectre vulnerabilities.

The Meltdown and Spectre attacks could be exploited by attackers to bypass memory isolation mechanisms and access target sensitive data.

The Meltdown attack could allow attackers to read the entire physical memory of the target machines stealing credentials, personal information, and more.

The Meltdown exploits the speculative execution to breach the isolation between user applications and the operating system, in this way any application can access all system memory.

The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited to extract information from its own process via code, for example, a malicious JavaScript can be used to extract login cookies for other sites from the browser’s memory.

The attack breaks the isolation between different applications, allowing to leak information from the kernel to user programs, as well as from virtualization hypervisors to guest systems.

amd spectre flaw

Meltdown attacks trigger the CVE-2017-5754 vulnerability, while Spectre attacks the CVE-2017-5753 (Variant 1) and CVE-2017-5715 (Variant 2). According to the experts, only Meltdown and Spectre Variant 1 can be addressed via software, while Spectre Variant 2 required an update of the microcode for the affected processors. Software mitigations include.

AMD released patches for Spectre Variant 2 attack that includes both microcode and operating system updates. AMD and Microsoft worked together to issue the updates on Tuesday.

“Today, AMD is providing updates regarding our recommended mitigations for Google Project Zero (GPZ) Variant 2 (Spectre) for Microsoft Windows users. These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows.” reads the announcement published by AMD. “For Linux users, AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year.”

Microsoft initially released Spectre security patches for AMD-based systems in January, but it was forced to suspend them due to instability issues.

AMD experts highlighted that is quite difficult to exploit the Spectre Variant 2 on AMD chips, for this reason, it worked with partners to provide a combination of microcode and OS updates.

“While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk,” continues the announcement.

AMD customers can install the microcode by downloading BIOS updates provided by manufacturers, while Windows 10 updates are included in the Microsoft April Patch Tuesday.

Windows 10 updates released by Microsoft on Tuesday include Spectre Variant 2 mitigationsfor AMD devices. According to AMD, the support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.

For Linux systems, AMD states that mitigations for GPZ Variant 2 were made available to its Linux partners and have been released to distribution earlier this year.

Meltdown security patches issued by Microsoft exposed to severe attacks

Meltdown security patches issued by Microsoft exposed to severe attacks

A security researcher discovered that some of the Windows updates released by Microsoft to mitigate the Meltdown flaw introduce a severe bug.

Meltdown and Spectre security updates made the headlines again, according to the security researcher Ulf Frisk some of them issued for Windows introduce a severe flaw.

The Meltdown and Spectre security updates released by Microsoft in January and February for Windows 7 and Windows Server 2008 R2 patch Meltdown are affected by a vulnerability that could be exploited by attackers to easily read from and write to memory.

According to the expert, an attacker can exploit gigabytes of data per second by exploiting the vulnerability.

“Meet the Windows 7 Meltdown patch from January. It stopped Meltdown but opened up a vulnerability way worse … It allowed any process to read the complete memory contents at gigabytes per second, oh – it was possible to write to arbitrary memory as well.” wrote the expert.

“No fancy exploits were needed. Windows 7 already did the hard work of mapping in the required memory into every running process. Exploitation was just a matter of read and write to already mapped in-process virtual memory. No fancy APIs or syscalls required – just standard read and write! ”

In a test conducted by the experts, he successfully accessed the memory at speeds of over 4 Gbps.

The researcher pointed out that attacker doesn’t need sophisticated exploits because Windows 7 has already mapped the memory for each active process. The page tables are available to user mode code for each process, instead

“In short – the User/Supervisor permission bit was set to User in the PML4 self-referencing entry. This made the page tables available to user mode code in every process. The page tables should normally only be accessible by the kernel itself,” the researcher added. “

The PML4 is the base of the 4-level in-memory page table hierarchy that the CPU Memory Management Unit (MMU) uses to translate the virtual addresses of a process into physical memory addresses in RAM.”

Once the attacker obtained the access to the page tables it will gain full control over the memory and its content.

“Once read/write access has been gained to the page tables it will be trivially easy to gain access to the complete physical memory, unless it is additionally protected by Extended Page Tables (EPTs) used for Virtualization. All one have to do is to write their own Page Table Entries (PTEs) into the page tables to access arbitrary physical memory,” he added.

meltdown patch issue

Frisk developed an attack tool dubbed PCILeech to trigger the flaw.

“PCILeech uses PCIe hardware devices to read and write from the target system memory. This is achieved by using DMA over PCIe. No drivers are needed on the target system.” reads the description of the tool.

“PCILeech supports multiple memory acquisition devices. Primarily hardware based, but also dump files and software based techniques based on select security issues are supported. USB3380 based hardware is only able to read 4GB of memory natively, but is able to read all memory if a kernel module (KMD) is first inserted into the target system kernel. FPGA based hardware is able to read all memory.”

“PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels – allowing for easy access to live ram and the file system via a “mounted drive”.

The experts successfully tested the attack against systems running Windows 7 x64 or Windows Server 2008 R2 with the Microsoft patches from January or February installed. Windows 10 and Windows 8.1 are not affected by the issue.