Warning over new SWAPGS CPU security flaw that targets Intel's 'speculative execution' feature

'SWAPGS' side-channel attack can enable attackers to access sensitive data from Intel CPUs running Windows

Researchers at Bitdefender have discovered a new CPU security flaw in Intel's 'speculative execution' feature affecting all microprocessors produced since 2012.

Dubbed SWAPGS, the security flaw could be used by attackers to access sensitive data.

All machines launched since 2012 that run Windows and use Intel processors, including laptops, two-in-ones, desktops and servers, are affected by the vulnerability, the researchers warned.

Last month, Microsoft silently rolled out a patch to mitigate the attack.

According to security researchers at Bitdefender, side-channel attacks exploiting the new vulnerability can easily circumvent the mitigations that were introduced after the discovery of Spectre and Meltdown in 2018.

The vulnerability provides adversaries with a method to access all sensitive information, including passwords, encryption keys, private conversations and other secrets, existing in the kernel memory of the operating system.

Speculative execution was developed by Intel to boost processor performance by enabling it to make accurate predictions about the instructions that might be called next by an application or operating system. However, this capability also leaves traces in the cache that can be leveraged by attackers to access contents of memory.

The new vulnerability, tracked as CVE-2019-1125, affects all Intel CPUs that support the SWAPGS and WRGSBASE instructions.

The researchers said that SWAPGS enabled them to revive the side channel, even on Windows machines that had mitigations installed. It was not feasible to exploit CPUs running Unix, Linux, macOS or FreeBSD.

"Unpatched Windows systems running on 64-bit Intel hardware are susceptible to leaking sensitive kernel memory, including from user mode. The SWAPGS attack circumvents all known mitigation techniques deployed against previous side-channel attacks on vulnerabilities in speculative execution," Bitdefender warned in a blog post.

Microsoft said that it issued a fix for the flaw last month, which works by changing how the processor speculatively accesses memory. Moreover, the fix doesn't need a microcode update from computer manufacturers.

Bitdefender's Hypervisor Introspection technology can also mitigate the SWAPGS attack on unpatched Windows machines running on KVM hypervisor or Citrix Hypervisor, the company claimed.

"Bitdefender has demonstrated how Hypervisor Introspection stops the attack by removing conditions it needs to succeed on unpatched Windows systems.

"The mitigation has introduced no noticeable performance degradation. While deploying the patch from Microsoft is highly recommended, Hypervisor Introspection provides an effective compensating control until systems can be patched," the company said.