
How to Protect Your PC From the Intel Foreshadow Flaws

Chris Hoffman is Editor-in-Chief of How-To Geek. He’s written about technology for over a decade and was a PCWorld columnist for two years. Chris has written for The New York Times and Reader’s Digest, been interviewed as a technology expert on TV stations like Miami’s NBC 6, and had his work covered by news outlets like the BBC. Since 2011, Chris has written over 2,000 articles that have been read nearly one billion times—and that’s just here at How-To Geek.

Foreshadow, also known as L1 Terminal Fault, is another problem with speculative execution in Intel’s processors. It lets malicious software break into secure areas that even the Spectre and Meltdown flaws couldn’t crack.

What is Foreshadow?

Specifically, Foreshadow attacks Intel’s Software Guard Extensions (SGX) feature. This is built into Intel chips to let programs create secure “enclaves” that can’t be accessed, even by other programs on the computer. Even if malware were on the computer, it couldn’t access the secure enclave—in theory. When Spectre and Meltdown were announced, security researchers found that SGX-protected memory was mostly immune to Spectre and Meltdown attacks.

There are also two related attacks, which the security researchers are calling “Foreshadow – Next Generation,” or Foreshadow-NG. These allow access to information in System Management Mode (SMM), the operating system kernel, or a virtual machine hypervisor. In theory, code running in one virtual machine on a system could read information stored in another virtual machine on the system, even though those virtual machines are supposed to be completely isolated.

Foreshadow and Foreshadow-NG, like Spectre and Meltdown, use flaws in speculative execution. Modern processors guess the code they think might run next and preemptively execute it to save time. If a program tries to run the code, great—it’s already been done, and the processor knows the results. If not, the processor can throw the results away.

However, this speculative execution leaves some information behind. For example, based on how long a speculative execution process takes to perform certain types of requests, programs can infer what data is in an area of memory—even if they can’t access that area of memory. Because malicious programs can use these techniques to read protected memory, they could even access data stored in the L1 cache. This is the low-level memory on the CPU where secure cryptographic keys are stored. That’s why these attacks are also known as “L1 Terminal Fault” or L1TF.

To take advantage of Foreshadow, the attacker just needs to be able to run code on your computer. The code doesn’t require special permissions—it could be a standard user program with no low-level system access, or even software running inside a virtual machine.

Since the announcement of Spectre and Meltdown, we’ve seen a steady stream of attacks that abuse speculative execution functionality. For example, the Speculative Store Bypass (SSB) attack affected processors from Intel and AMD, as well as some ARM processors. It was announced in May 2018.

Is Foreshadow Being Used in the Wild?

Foreshadow was discovered by security researchers. These researchers have a proof-of-concept—in other words, a functional attack—but they’re not releasing it at this time. This gives everyone time to create, release, and apply patches to protect against the attack.

How You Can Protect Your PC

Note that only PCs with Intel chips are vulnerable to Foreshadow in the first place. AMD chips aren’t vulnerable to this flaw.

Most Windows PCs only need operating system updates to protect themselves from Foreshadow, according to Microsoft’s official security advisory. Just run Windows Update to install the latest patches. Microsoft says it hasn’t noticed any performance loss from installing these patches.

Some PCs may also need new Intel microcode to protect themselves. Intel says these are the same microcode updates that were released earlier this year. You can get new firmware, if it’s available for your PC, by installing the latest UEFI or BIOS updates from your PC or motherboard manufacturer. You can also install microcode updates directly from Microsoft.

What System Administrators Need to Know

PCs running hypervisor software for virtual machines (for example, Hyper-V) will also need updates to that hypervisor software. For example, in addition to a Microsoft update for Hyper-V, VMware has released an update for its virtual machine software.

Systems using Hyper-V or virtualization-based security may need more drastic changes. This includes disabling hyper-threading, which will slow down the computer. Most people won’t need to do this, but Windows Server administrators running Hyper-V on Intel CPUs will need to seriously consider disabling hyper-threading in the system’s BIOS to keep their virtual machines safe.

Cloud providers like Microsoft Azure and Amazon Web Services are also patching their systems to protect virtual machines on shared systems from attack.

Patches may be necessary for other operating systems, too. For example, Ubuntu has released Linux kernel updates to protect against these attacks. Apple has not yet commented on this attack.

Specifically, the CVE numbers that identify these flaws are CVE-2018-3615 for the attack on Intel SGX, CVE-2018-3620 for the attack on the operating system and System Management Mode, and CVE-2018-3646 for the attack on the virtual machine manager.

In a blog post, Intel said it’s working on better solutions to improve performance while blocking L1TF-based exploits. This solution will apply the protection only when necessary, improving performance. Intel says it’s already provided pre-release CPU microcode with this feature to some partners and is evaluating releasing it.

Finally, Intel notes that “L1TF is also addressed by changes we are making at the hardware level.” In other words, future Intel CPUs will contain hardware improvements to better protect against Spectre, Meltdown, Foreshadow, and other speculative execution-based attacks with less performance loss.

Foreshadowing disaster:

Ways to protect a PC from Foreshadow flaws

It looks like Intel processors are having a tough 2018 and the spate of misfortune and vulnerabilities isn’t going to end soon. Foreshadow, also dubbed L1 Terminal Fault, is an ongoing issue with a chip design feature called speculative execution that can potentially affect millions of Intel chips and can be used by malware to steal sensitive data.

Foreshadow lets malicious software break into secure areas that even the earlier Spectre and Meltdown bugs couldn’t crack. Here is a deeper look at the problem and some practical ways to keep safe from Intel Foreshadow attacks.

What is Foreshadow?

Foreshadow is a weakness that attacks the Software Guard Extensions (SGX) feature of Intel, built into chips since 2015 to allow programs to create secure enclaves that cannot be accessed even by other programs on the computer. In short, SGX was designed to protect code from being modified or disclosed.

In theory, the secure enclave stays safe and untouched even if there’s malware on the computer. With this weakness, however, an attacker could write a program that exploits the vulnerability to read data that was thought to be secure inside the CPU, even if the main system was compromised. Suddenly there’s the danger that data in a secure enclave could be copied elsewhere and then read.

There are two related attacks as well, collectively called “Foreshadow – Next Generation” or simply Foreshadow-NG. They permit access to information in System Management Mode (SMM), the operating system kernel, or a virtual machine hypervisor.

According to Intel, Foreshadow was first documented by two sets of researchers back in January 2018. The vulnerability has been called CVE-2018-3615. Further variants extended the weakness to new SGX-enabled chips running hypervisors and have been dubbed CVE-2018-3620 and CVE-2018-3646.

The famed chip company discovered Foreshadow only days after the world got wind of the Spectre and Meltdown mega-flaws. Foreshadow is the latest and probably most notable example of the so-called Spectre-NG flaw.

How does the flaw work?

These weaknesses exploit flaws in speculative execution. In modern processors, the code that might run next is guessed and executed preemptively in order to save time. If a program then actually runs that code, the work is already done and the processor knows the results. If not, the processor can discard the results.

This speculative execution, though, leaves behind some information. Here’s an example. Based on the time it takes for a speculative execution process to perform specific requests, programs are able to infer the data in an area of memory, even without access to that area. Because malicious programs can abuse these methods to read protected memory, they could access data stored in the L1 cache – the low-level memory on the CPU that holds data such as cryptographic keys.

Attackers just need to run code on the computer to exploit Foreshadow. No special permissions are required: it could simply be software operating in a virtual machine or a standard user program without low-level system access.

A list of affected CPUs

Users who bought an Intel system after late 2015 face a high likelihood that it contains an affected CPU. Note that AMD and other vendors not using SGX don’t need to be concerned with how to keep safe from Intel foreshadow attacks.

  • Intel Xeon Processor D (1500, 2100)
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor E7 v1/v2/v3/v4 Family
  • Intel Xeon Processor E5 v1/v2/v3/v4 Family
  • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Core X-series Processor Family for Intel X99 and X299 platforms
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core i3/i5/i7/M processor (45nm and 32nm)

Intel said that systems that have already applied firmware updates made available earlier this year, besides applicable OS updates, should already be shielded from Foreshadow. Things, however, might be more complicated in data centers that run hypervisors prone to Foreshadow-NG attacks.

With Intel’s apparent long-term solution of designing the weaknesses out of its future CPUs, it might take time to restore normalcy in this side of the chip trade.

How to protect your Windows computer now

Here are simple yet highly effective ways to get protected today:

  1. Update your BIOS. Keep your laptop or desktop up to date by installing the latest BIOS updates from the manufacturer of the laptop or motherboard (for a PC). Usually, this involves CPU microcode updates.
  2. Update Windows. Don’t be content with microcode updates alone, as they work alongside the OS updates to protect against malware that could take advantage of Foreshadow. Microsoft’s official security advisory states that most Windows PCs need only OS updates in order to protect themselves from the Foreshadow flaw. Run Windows Update to install the latest patches.
  3. Run anti-malware software. Maintain up-to-date protection on your desktop or laptop, which can help detect and stop malware in its tracks before Windows or the processor’s security safeguards are even activated. Auslogics Anti-Malware offers topnotch protection against malware and data safety threats, detecting malicious items not previously suspected to exist, flexibly scheduling automatic scans, and doubling protection by catching items your antivirus may miss.

These flaws may be proof-of-concept right now, but it’s best to think up and execute ways to protect a PC from Foreshadow flaws early on while future Intel CPUs are getting armed with hardware improvements for every user’s peace of mind.

Intel has released fixes and updated patches to deal with Foreshadow attacks on Intel chips. The security flaws affect the speculative execution feature of Intel CPUs. The company has also published a security advisory to circulate the vital information needed to defend against the Foreshadow attacks.

In this post, we’re going to talk about how to protect yourself against ‘Foreshadow’ Intel CPU attacks. Before going further, though, let’s understand what Foreshadow is and what the effects of Foreshadow and Foreshadow-NG/L1TF are.

What’s Foreshadow?

Both Foreshadow and Foreshadow-NG are speculative execution side-channel vulnerabilities. SGX (Software Guard Extensions) is a feature of Intel CPUs specifically intended to safeguard privacy and security. It is designed to defend the integrity of data and application code from being targeted, even while processes with high privileges are running. SGX is also used in cloud infrastructures to get the best out of it.

According to the researchers, Foreshadow exploits a flaw in SGX’s speculative execution. By exploiting this vulnerability, an attacker can read data residing in the CPU’s SGX enclaves, which SGX was meant to keep secret.

What Security Experts Have to Say About the Flaws

Security experts have disclosed a new method of exploiting the speculative execution feature of Intel CPUs to leak protected data and evade memory security boundaries. The vulnerability is named L1 Terminal Fault (L1TF) and is mostly known as Foreshadow. It comes in three variants, of which the first and original variant was discovered by a team at KU Leuven University together with the University of Michigan, the University of Adelaide, Data61, and the Israel Institute of Technology.

CVE identifiers have been assigned to these vulnerabilities. Let’s have a look at them:

Foreshadow – CVE-2018-3615: responsible for affecting the Security Guard Extensions.

Foreshadow-NG/L1TF – CVE-2018-3620: It is responsible for affecting the system management mode (SMM) and Operating system (kernel).

Foreshadow-NG/L1TF – CVE-2018-3646: this is responsible for affecting Virtual Machines and hypervisors that run on cloud services.

Effect of Foreshadow-NG/L1TF & Foreshadow

The vulnerabilities affect cloud workloads as well as individual systems, specifically platforms built on Intel processors such as Intel Core and Xeon CPUs. Processors from AMD (Advanced Micro Devices) and those based on ARM (Advanced RISC Machine) show no sign of being affected. According to Intel, its forthcoming next-generation enterprise and client processors, which the company plans to introduce by the end of 2018, will also not be affected by these vulnerabilities.

Because these vulnerabilities can also affect cloud infrastructures, virtual machines, and virtualization environments, their impact could reach millions of users.

For now, the experts have only noted how SGX is used by video streaming services such as Netflix, by blockchain technology, and by cryptocurrencies. The security flaws could let cybercriminals obtain, or users end up compromising, credentials and encrypted private keys that are kept in the CPU’s enclaves.

How to Protect Yourself Against ‘Foreshadow’ Intel CPU Attacks?

Microsoft and Intel have both announced patches to deal with the Foreshadow attacks on Intel chips. Cloud service providers have also released their own mitigations and patches to defend against Foreshadow.

Amazon Web Services (AWS) announced the ALAS-2018-1058 kernel update, while Google Cloud and Oracle have made similar announcements. Microsoft Azure also distributed mitigations for Azure cloud services and for Linux and Windows VMs. Patches are offered for the Linux kernel as well.

The security experts who disclosed the flaws have also created a website with FAQs, documentation, and other information about Foreshadow and Foreshadow-NG for dealing with Foreshadow attacks on Intel chips.

Reading that website and gathering as much knowledge as possible is one of the best ways to protect yourself against ‘Foreshadow’ Intel CPU attacks. Installing the updated patches released by Microsoft also helps to shut down such attacks in future.

Enterprise IT system administrators will soon have to implement fixes to the newly revealed Intel L1 Terminal Fault vulnerability, also known as Foreshadow, which can affect systems through leakage of data through a processor’s level 1 cache or Intel’s security enclaves in protected memory.

There are three closely related versions of the L1TF, all of which arise through misuse of a processor’s speculative execution functions. Most modern processors use speculative execution, which executes the instruction that’s most likely to come next in a series of instructions as a way to speed up operations. However, speculative execution leaves traces of the contents of protected memory that can be exploited using sophisticated malware.

When protecting your data center against this flaw, the most important takeaway is that these attacks can occur through hypervisors supporting virtualized systems, such as VMware and Microsoft Hyper-V. Most modern Intel processors, up to and including current 8th generation Core and Xeon CPUs, exhibit this flaw. Fixing it requires microcode and operating system updates to the affected machines.

System manufacturers have been releasing microcode updates since March. Microsoft has been including fixes in Windows Update, and several Linux distributions have also been updated. But just because the updates are available doesn’t mean you’re protected, since each microcode update still has to be applied to the computer in question, and that should be done urgently.

There’s also an extra step that should be performed on systems running Hyper-V, which is to turn off Hyperthreading in the system BIOS. Hyperthreading allows each processor core to execute two separate sets of instructions simultaneously, allowing them to operate as if each core was two cores. In Hyper-V systems where you can’t be certain that fixes have been applied to guest operating systems, Hyperthreading needs to be turned off. While this will bring a performance hit, avoiding an attack will be well worth it.

Because these exploits are acting directly on the processor, there’s a high likelihood that you’d never know about an attack, even after the fact. This means it is crucial to patch your systems urgently. The microcode update won’t have any adverse effect on your servers, and the Windows or Linux updates should also leave you unaffected.
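The Hyper-V and hypervisor advice above (update the hypervisor, apply microcode, and turn hyper-threading off where untrusted guests share a host) is easy to state but hard to verify after the fact. The following Python script is an added example, not code from any of the articles on this page or from Intel, Microsoft or a Linux distributor. It assumes a Linux host and reads the L1TF status line the Linux kernel exposes at /sys/devices/system/cpu/vulnerabilities/l1tf (the strings follow the kernel's own L1TF documentation), the SMT control file, and the flush_l1d flag in /proc/cpuinfo that shows the microcode-provided L1D flush is available. The sample status lines in SAMPLES are constructed for illustration; the hypervisor_safe() rule encodes the page's point that an L1D flush on VM entry plus SMT disabled is what the VM-to-VM case (CVE-2018-3646) needs.

```python
#!/usr/bin/env python3
"""Classify a Linux host's L1TF (Foreshadow) mitigation state from sysfs.

Added example (not from the articles above). Paths are the real Linux kernel
interfaces; the SAMPLES strings are constructed test inputs.
"""
import os
import re
from dataclasses import dataclass
from typing import Optional

L1TF_STATUS = "/sys/devices/system/cpu/vulnerabilities/l1tf"
SMT_CONTROL = "/sys/devices/system/cpu/smt/control"
CPUINFO = "/proc/cpuinfo"


@dataclass
class L1tfReport:
    affected: bool        # False only when the kernel reports "Not affected"
    pte_inversion: bool   # OS-level mitigation (covers CVE-2018-3620)
    vmx: str              # hypervisor state after "VMX:", or "n/a" if absent
    smt: str              # "vulnerable", "disabled" or "unknown"
    flush_l1d: bool       # microcode exposes the L1D flush (flush_l1d flag)

    def os_mitigated(self) -> bool:
        """Bare-metal or guest view: unaffected, or PTE Inversion active."""
        return (not self.affected) or self.pte_inversion

    def hypervisor_safe(self) -> bool:
        """Host running untrusted guests (CVE-2018-3646): needs an L1D flush on
        VM entry AND SMT off. EPT disabled removes the VMX attack surface."""
        if not self.affected or self.vmx == "EPT disabled":
            return True
        flushing = self.vmx in ("conditional cache flushes", "cache flushes")
        return flushing and self.smt == "disabled"


def parse_l1tf_status(line: str, flush_l1d: bool = False) -> L1tfReport:
    """Parse one line in the format the kernel writes to the l1tf sysfs file."""
    line = line.strip()
    if line == "Not affected":
        return L1tfReport(False, False, "n/a", "unknown", flush_l1d)
    pte = line.startswith("Mitigation: PTE Inversion")
    vmx, smt = "n/a", "unknown"
    m = re.search(r"VMX:\s*([^,;]+?)(?:,\s*SMT\s+(vulnerable|disabled))?$", line)
    if m:
        vmx = m.group(1).strip()
        if m.group(2):
            smt = m.group(2)
        elif vmx == "vulnerable":
            # The kernel omits the SMT suffix for "VMX: vulnerable" only when
            # SMT is actually active, so the host is SMT-exposed here.
            smt = "vulnerable"
    return L1tfReport(True, pte, vmx, smt, flush_l1d)


def smt_from_control(text: str) -> str:
    """Map /sys/devices/system/cpu/smt/control to the report's SMT field."""
    state = text.strip()
    if state == "on":
        return "vulnerable"
    if state in ("off", "forceoff", "notsupported", "notimplemented"):
        return "disabled"
    return "unknown"


def has_flush_l1d(cpuinfo_text: str) -> bool:
    """True if the first 'flags' line of /proc/cpuinfo lists flush_l1d."""
    for entry in cpuinfo_text.splitlines():
        if entry.startswith("flags"):
            return "flush_l1d" in entry.split(":", 1)[1].split()
    return False


def check_host() -> Optional[L1tfReport]:
    """Read the live files; None when not on Linux or the file is absent."""
    if not os.path.exists(L1TF_STATUS):
        return None
    with open(L1TF_STATUS) as f:
        status = f.read()
    cpuinfo = open(CPUINFO).read() if os.path.exists(CPUINFO) else ""
    report = parse_l1tf_status(status, has_flush_l1d(cpuinfo))
    if report.smt == "unknown" and os.path.exists(SMT_CONTROL):
        with open(SMT_CONTROL) as f:
            report.smt = smt_from_control(f.read())
    return report


# Constructed sample status lines, each a form the kernel can emit.
SAMPLES = {
    "patched desktop":      "Mitigation: PTE Inversion",
    "host, SMT still on":   "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "hardened host":        "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT disabled",
    "old hypervisor":       "Mitigation: PTE Inversion; VMX: vulnerable",
    "AMD or fixed silicon": "Not affected",
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        r = parse_l1tf_status(line)
        print(f"{name:22} os_mitigated={r.os_mitigated()} hypervisor_safe={r.hypervisor_safe()}")
    live = check_host()
    print("this host:", live if live else "no L1TF sysfs entry (not Linux, or kernel too old)")
```

The decision logic deliberately treats "PTE Inversion" alone as enough for a desktop or a VM guest, but not for a host: a host with the flush in place but SMT still enabled prints hypervisor_safe=False, which is exactly the configuration the Hyper-V guidance above says to change.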

What is Foreshadow?

Foreshadow, also known as L1 Terminal Fault, is a security bug that affects one of Intel’s security features, Software Guard Extensions (SGX). It allows malware to enter secure areas that even the earlier Spectre and Meltdown flaws could not break into.

Specifically, Foreshadow attacks Intel’s Software Guard Extensions (SGX) feature. This feature is built into Intel chips to let programs create secure “enclaves” that other programs on the computer cannot access. In theory, even malware running on the computer cannot reach those secure areas. When the Spectre and Meltdown bugs were disclosed, security researchers found that SGX-protected memory was largely unaffected by Spectre and Meltdown.

Foreshadow has two versions: the original attack retrieves data from the secure SGX enclave, and the second, Foreshadow-NG (Next Generation), retrieves data from the L1 cache. Foreshadow-NG affects virtual machines, OS kernel memory, and System Management Mode memory, potentially threatening the entire cloud platform architecture.

You can find out more about this vulnerability here: Foreshadow – the fifth most critical security vulnerability on the CPU in 2018

How to protect your PC from Foreshadow

Note that only Intel-based computers are vulnerable to attack by Foreshadow. AMD chips are not affected by this security flaw.

According to Microsoft’s official security advisory, most Windows PCs only need operating system updates to protect themselves from Foreshadow. Just run Windows Update to install the latest patches. Microsoft also said it did not notice any impact on system performance after installing these patches.

Some PCs may also need new microcode from Intel to protect themselves. Intel said these are the same microcode updates that were released earlier this year. You can get new firmware, if it is available for your PC, by installing the latest UEFI or BIOS update from your PC or motherboard manufacturer. You can also install the microcode update directly from Microsoft.

Notes for system administrators

PCs running hypervisor software for virtual machines (for example, Hyper-V) will also need that hypervisor software updated to the latest version. For instance, in addition to the Microsoft update for Hyper-V, VMware has also released updates for its virtual machine software.

Systems that use Hyper-V or other virtualization-based security platforms may also need more drastic changes, including disabling hyper-threading, which will slow down the computer. Most people won’t need to do this, but Windows Server administrators running Hyper-V on Intel CPUs will need to seriously consider disabling hyper-threading in the system BIOS to keep their virtual machines protected.

Cloud providers such as Microsoft Azure and Amazon Web Services are also actively patching their systems to protect virtual machines on shared hosts from attack.

Other operating systems also need to be updated with new security patches. For example, Ubuntu has released a new kernel update to protect Linux machines from these attacks, while Apple has not yet made any formal announcement.

The CVE records identify the following flaws: CVE-2018-3615 for the attack on Intel SGX, CVE-2018-3620 for the attack on the operating system and System Management Mode, and CVE-2018-3646 for the attack on virtual machine managers.

In a blog post, Intel said it is actively working on better solutions that improve performance while blocking L1TF-based exploits. These solutions will apply the protection only when necessary. Intel said it has already provided pre-release CPU microcode with this feature to some partners and is still evaluating its performance.

Finally, Intel noted that L1TF is also being addressed by changes at the hardware level. In other words, future Intel CPUs will bring hardware improvements that defend against Spectre, Meltdown, Foreshadow, and similar attacks with less performance loss.


2018 might well be a year Intel would like to forget, especially where its processors are concerned. It has now revealed that millions of its chips have yet another flaw, which could potentially be used by malware to steal sensitive data.

Just like the Spectre and Meltdown ‘bugs’, this new one – dubbed Foreshadow – is similar in nature. Put simply, a hacker could create a program that exploits this vulnerability to read data that was previously thought to be secure in the CPU, even if the main system was compromised.

Ironically, the vulnerability is in Intel’s Software Guard Extensions (SGX) which is designed to protect code from being modified or disclosed.

The flaw is also known as the L1 Terminal Fault or L1TF for short because it’s in the level 1 cache that the data – from a different virtual processor core – can be read.

Watch Intel’s video above if you want to understand more about the technical details.

How can I protect my PC from Foreshadow?

Update your BIOS
Keep your PC or laptop up to date. That means installing the latest BIOS updates from your laptop manufacturer or – for a PC – from your motherboard manufacturer.

These typically include CPU microcode updates, and the good news is that updates are always available for the vast majority of affected chips. In fact, if you installed an update earlier this year after the Spectre and Meltdown scare, your system should be already protected from Foreshadow.

Update Windows
Microcode updates alone are not enough to protect you. The other thing to do is ensure Windows is up to date, since microcode updates work hand in hand with operating system updates to protect against malware which could exploit the Foreshadow flaw.

Run antivirus software
It’s also important to have up-to-date antivirus software on your PC or laptop, as this can help detect and stop malware before Windows or your processor’s security mechanisms have to get involved.

Which processors are affected by L1TF?
Those which support SGX. This means Intel Core processors (and Xeon chips, which aren’t in consumer PCs or laptops) from around 2016 onwards.

You can visit Intel’s website to check your particular processor to see if it supports SGX or not.
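On a Linux machine you can get the same answers from the operating system itself: since kernel 4.18 (and the distribution backports of the L1TF fixes) the file /sys/devices/system/cpu/vulnerabilities/l1tf states whether the CPU is affected and which mitigations are active, /proc/cpuinfo lists the sgx flag and the flush_l1d flag that Intel’s L1TF microcode adds, and /sys/devices/system/cpu/smt/control shows whether Hyperthreading is on. The script below is an added example, not part of the original article; it turns those three sources into a one-line verdict covering both “which processors are affected” and “am I patched”. The sample sysfs line and cpuinfo text embedded in it are constructed for offline testing, and the verdict labels are my own.

```shell
#!/bin/sh
# Added example (not from the original article): classify a Linux host's
# Foreshadow / L1TF exposure from the kernel's sysfs report, /proc/cpuinfo
# flags and the SMT control file. Assumes a kernel that exposes
# /sys/devices/system/cpu/vulnerabilities/l1tf (4.18+ or distro backports).

L1TF_SYSFS=/sys/devices/system/cpu/vulnerabilities/l1tf
SMT_SYSFS=/sys/devices/system/cpu/smt/control

# Constructed sample inputs (flags list abbreviated) used for offline testing.
L1TF_SAMPLE='Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable'
SAMPLE_CPUINFO='processor	: 0
vendor_id	: GenuineIntel
model name	: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep ht vmx sgx
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf'

# l1tf_classify "<the one line in the l1tf sysfs file>"
# Prints: not-affected | mitigated | mitigated-smt-exposed | mitigated-vmm-exposed | vulnerable | unknown
l1tf_classify() {
    case "$1" in
        "Not affected")                   echo not-affected ;;
        Mitigation:*"VMX: vulnerable"*)   echo mitigated-vmm-exposed ;;  # PTE inversion on, no L1D flush on VM entry
        Mitigation:*"SMT vulnerable"*)    echo mitigated-smt-exposed ;;  # PTE inversion on, but a sibling thread can still leak guest data
        Mitigation:*)                     echo mitigated ;;
        Vulnerable*)                      echo vulnerable ;;
        *)                                echo unknown ;;
    esac
}

# cpu_has_flag "<cpuinfo text>" <flag>  -> exit 0 if the flag appears on a "flags" line
cpu_has_flag() {
    printf '%s\n' "$1" | grep -E '^flags[[:space:]]*:' | head -n1 | tr ' ' '\n' | grep -qx "$2"
}

# foreshadow_report "<l1tf line>" "<cpuinfo text>" "<smt control value>"
# Prints a one-line summary; returns 0 when no action is needed, 1 otherwise.
foreshadow_report() {
    status=$(l1tf_classify "$1")
    sgx=no;   cpu_has_flag "$2" sgx       && sgx=yes    # SGX present -> the original Foreshadow (SGX) variant applies too
    flush=no; cpu_has_flag "$2" flush_l1d && flush=yes  # flush_l1d is only advertised once the L1TF microcode is loaded
    echo "l1tf=$status sgx=$sgx microcode_l1d_flush=$flush smt=$3"
    case "$status" in
        not-affected|mitigated) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Live run when the sysfs files exist; the function's exit status (not the text) is the signal.
if [ -r "$L1TF_SYSFS" ]; then
    foreshadow_report "$(cat "$L1TF_SYSFS")" "$(cat /proc/cpuinfo)" \
        "$(cat "$SMT_SYSFS" 2>/dev/null || echo unknown)" || true
fi
```

Run it as root or any user (the files are world-readable). A result of mitigated-smt-exposed is exactly the situation the server-side guidance further down is about: the kernel protects itself, but a guest on one hyperthread can still read what its sibling leaves in L1.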

Have there been any attacks against Foreshadow?
No. Intel says it knows of no cases where the flaw has been exploited. So – technically – even if your BIOS and Windows aren’t up to date, the risk is low. That’s no reason not to update all your devices, though.

The main risk, according to Intel, is data centres where each server runs virtualisation software in order to run multiple operating systems on each one.

The L1TF flaw matters most to cloud providers, because they run virtual machines belonging to different customers on the same physical servers, which is exactly the situation the hypervisor variant targets. Intel is working with providers to address the problem, but we’d recommend (as always) that you keep multiple backups of any important files and don’t rely on one cloud service to hold your only copy.

The newly revealed Intel L1 Terminal Fault vulnerability, also known as Foreshadow, provides a new round of challenges for system administrators who must now find ways to protect their organization’s computers against what could be serious attacks.

Intel has released a blog post describing the flaws and explaining how they affect systems: data leaks through a processor’s level 1 cache, including data from Intel’s SGX enclaves in protected memory and from System Management Mode.

There are three closely related versions of L1TF, and all arise from the processor’s speculative execution. Most modern processors use speculative execution, which means executing the instructions most likely to come next before it is known whether they are needed, as a way to speed up operations. Speculation that is later discarded still leaves traces in the cache that reveal the contents of protected memory, and sophisticated malware can read those traces.

The process is complex, so Intel has released a video that explains how it works. Protecting your data center against this flaw isn’t complex, but there are several aspects of the process that you need to know about. The most important is that a successful Foreshadow attack can cross the boundary between virtual machines and the hypervisor, on VMware ESXi and Microsoft Hyper-V alike.

Most modern Intel processors, up to and including current 8th generation Core and Xeon CPUs, exhibit this flaw. Fixing the problem requires microcode and operating system updates to the affected machines.

System manufacturers have been releasing microcode updates since March, following Intel’s notification of the vulnerabilities in January, 2018. Microsoft has been including fixes for the problem in Windows Update. Several Linux distributions have also been updated.

But just because the updates are available doesn’t mean you’re protected. The microcode still has to be loaded onto each machine, usually by flashing the updated BIOS/UEFI from the system vendor (Windows and Linux can also load microcode at boot). Updating one computer only takes a few minutes, but patching every computer in a data center can be a daunting task.

Your organization probably already has a procedure for operating system updates. But this is one series of updates that needs to be tested and applied with some degree of urgency. While the vulnerability may be difficult to exploit, that’s not the same thing as being impossible.

There’s also an extra step that should be performed on systems running Hyper-V, which is to turn off Hyperthreading in the system BIOS. Hyperthreading is Intel’s name for simultaneous multithreading: each physical core runs two hardware threads at once and presents itself to the operating system as two logical processors. Because both threads run on the same physical core, they share that core’s level 1 cache, which is why a malicious guest scheduled on one thread can read what its sibling leaves there.

VMware has released updates that flush the level 1 cache when entering a guest, but according to Intel’s guidance, a flush on entry does not protect against a sibling thread that is running at the same time as the guest. So in Hyper-V deployments where you can’t be certain that every guest operating system is trusted and patched, Hyperthreading needs to be turned off as well.

Intel said in its security bulletin that the microcode fixes, which chiefly add a fast way to flush the level 1 cache, have minimal performance impact. Turning off Hyperthreading on hosts that rely on it for virtualized workloads, however, will indeed slow things down. Just how much depends on how well your workloads use the extra threads, but it will happen.

If there is any good news in all of this, it’s that Intel is not aware of any exploits in the wild that use these vulnerabilities. But that’s not to say it can’t happen, because all that’s required is for a threat actor to execute code on an unpatched machine; that code can then read the contents of protected areas of memory.

Because such exploits read data straight out of the processor’s cache and use no software bug in the operating system, there is a high likelihood that you’d never know about an attack, even after the fact. It may not leave any log entries or other traces at all. Worse, the exploit code doesn’t need any special privileges: any code that can run on the machine, including inside a guest virtual machine, can attempt it.

What this means is that it’s crucial that you patch your systems. The microcode update should have no noticeable adverse effect on your servers, and the Windows or Linux updates should also leave you largely unaffected.

But if you’re running Hyper-V and you’re not certain that the guest operating systems have been patched, then you should turn off Hyperthreading, and this will bring a performance hit.
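The same decision applies to a Linux KVM host, where the two knobs discussed above for Hyper-V (Hyperthreading on or off, and flushing the L1 cache on entry to a guest) are exposed as /sys/devices/system/cpu/smt/control and the kvm_intel module parameter vmentry_l1d_flush (never, cond or always). The script below is an added example, not part of the original article or of any vendor’s tooling: it encodes the guidance as a small policy function (trusted guests need nothing; untrusted guests need an L1D flush on entry and SMT off), can read the live state, and can apply both settings at runtime. The action names it prints are my own labels.

```shell
#!/bin/sh
# Added example (not from the original article): Linux/KVM counterpart of the
# Hyper-V advice. Assumes a kernel with the L1TF mitigations, i.e.
# /sys/devices/system/cpu/smt/control and kvm_intel's vmentry_l1d_flush parameter.

SMT_CTL=/sys/devices/system/cpu/smt/control
L1D_FLUSH=/sys/module/kvm_intel/parameters/vmentry_l1d_flush

# l1tf_vmm_policy <guests-trusted yes|no> <smt on|off|forceoff|notsupported> <flush never|cond|always>
# Prints a comma-separated list of required actions, or "ok".
l1tf_vmm_policy() {
    trusted=$1 smt=$2 flush=$3
    actions=""
    if [ "$trusted" = yes ]; then
        # Every guest is under your control: the VMM variant has no attacker, SMT can stay on.
        echo ok; return 0
    fi
    # The hypervisor's own secrets are only safe if L1D is flushed before a guest runs.
    case "$flush" in
        never)       actions="set-flush-cond" ;;
        cond|always) ;;
        *)           actions="unknown-flush-mode" ;;
    esac
    # A flush on entry cannot stop a sibling thread that runs *concurrently* with the
    # guest, so untrusted guests need SMT off (or a scheduler that never co-schedules them).
    case "$smt" in
        on)                                   actions="${actions:+$actions,}disable-smt" ;;
        off|forceoff|notsupported|notimplemented) ;;
        *)                                    actions="${actions:+$actions,}unknown-smt-state" ;;
    esac
    echo "${actions:-ok}"
}

# Report the live state; values read "unknown" when the files are missing.
l1tf_vmm_state() {
    smt=$(cat "$SMT_CTL" 2>/dev/null || echo unknown)
    flush=$(cat "$L1D_FLUSH" 2>/dev/null || echo unknown)
    echo "smt=$smt flush=$flush"
}

# Apply both mitigations at runtime (root required). To persist across reboots use the
# kernel parameters l1tf=flush,nosmt and kvm-intel.vmentry_l1d_flush=always instead.
l1tf_vmm_harden() {
    echo always > "$L1D_FLUSH"   # flush L1D on every VM entry, not only when the host may have dirtied it
    echo off    > "$SMT_CTL"     # take sibling threads offline ("forceoff" would also block re-enabling)
}

case "${1:-}" in
    state)  l1tf_vmm_state ;;
    harden) l1tf_vmm_harden ;;
    *)      ;;   # no argument: only define the functions (sourcing the file)
esac
```

Typical use is `sh l1tf-kvm.sh state` on each host, feeding the two values plus your own answer on guest trust into l1tf_vmm_policy, and only then running harden on the hosts that need it, since disabling SMT halves the logical CPU count.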

While it’s unlikely that ransomware writers or script kiddies will build practical Foreshadow malware any time soon, this is a vulnerability that’s well within the capabilities of nation-state threat actors.

You may not think that your organization is of interest to such actors, but as we’ve seen lately, you don’t need to be a government or a government contractor to be attacked. You only have to have the email address or phone number of someone who is.

However, this speculative execution leaves traces behind. For example, by timing how long certain operations take after speculation, a program can infer what data sits in a region of memory even though it can’t access that region directly. Because malware can use these methods to read protected memory, it can even reach data held in the processor’s L1 cache, the small, fast memory closest to the core where recently used data, including cryptographic keys, lands. That is why these attacks are also known as “L1 Terminal Fault”, or L1TF.

To exploit Foreshadow, an attacker only has to be able to run code on your computer. That code needs no special privileges: it can be an ordinary user program with no low-level system access, or even software running inside a virtual machine.

Since Spectre and Meltdown were announced, we’ve seen a steady stream of attacks that abuse speculative execution. For example, the Speculative Store Bypass (SSB) attack, disclosed in May 2018, affected Intel and AMD processors as well as some ARM processors.

Is Foreshadow being used in the wild?

Foreshadow was discovered by security researchers. They have a proof of concept, in other words a working attack, but are not releasing it at this time. That gives everyone a chance to create, release and apply patches before the attack is public.

How you can protect your PC

Note that only PCs with Intel chips are vulnerable to Foreshadow. AMD chips are not affected by this flaw.

Most Windows PCs need only operating system updates to be protected against Foreshadow. Just run Windows Update to install the latest patches. Microsoft says it has not observed a performance loss from installing them.

Some PCs may need new Intel microcode to be protected. Intel says these are the same microcode updates it released earlier this year. You can get the new firmware, if it’s available for your computer, by installing the latest UEFI or BIOS update from your PC or motherboard manufacturer. Microsoft also distributes Intel microcode updates for some systems directly through Windows Update.

What system administrators need to know

Computers running hypervisor software for virtual machines (such as Hyper-V) will also need updates to that hypervisor software. For example, in addition to Microsoft’s update for Hyper-V, VMware has released updates for its virtualization software.

Systems that use Hyper-V or virtualization-based security may need more drastic changes, including disabling Hyperthreading, which slows the computer down. Most people won’t need to do this, but Windows Server administrators running Hyper-V on Intel processors should seriously consider disabling Hyperthreading in the system BIOS to keep their virtual machines safe.

Cloud providers such as Microsoft Azure and Amazon Web Services are also patching their systems to protect virtual machines on shared hosts from attack.

Other operating systems may need patches as well. For example, Ubuntu has released Linux kernel updates to protect against these attacks. Apple has not yet commented on the attack.

Specifically, the CVE numbers identifying these flaws are CVE-2018-3615 for the attack on Intel SGX, CVE-2018-3620 for the attack on the operating system and System Management Mode, and CVE-2018-3646 for the attack on the virtual machine manager.

In its blog post, Intel said it is working on better solutions that improve performance while still blocking L1TF-based exploits. Such a solution would apply the protection only when it is needed, improving performance. Intel says it has already provided a pre-release of microcode with this feature to some partners and is evaluating it for release.

Finally, Intel notes that “L1TF is also addressed by changes we are making at the hardware level.” In other words, future Intel processors will include hardware improvements to better protect against Spectre, Meltdown, Foreshadow and other speculative execution attacks with less performance loss.

By Lucian Armasu published 15 August 18

Update, 8/15/18, 1:40 p.m. PT: Intel sent Tom’s Hardware a statement, clarifying that the microcode update was sent to manufacturers earlier this year.

“L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We’ve provided more information on our website and continue to encourage everyone to keep their systems up to date, as it’s one of the best ways to stay protected. We’d like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion-Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue.”

Original, 8/15/18, 9:38 a.m. PT:

Intel chips have been marred by another series of security flaws dubbed Foreshadow-NG. Researchers discovered the vulnerabilities, which primarily affect Intel’s Software Guard Extensions (SGX) and the security of virtualized environments.

What Is the Foreshadow Attack?

Foreshadow is yet another speculative execution flaw (much like Meltdown and Spectre) in Intel’s processors that allows attackers to steal sensitive contents stored in computers’ or virtual machines’ memory. Most modern processors utilize speculative execution to improve performance. As the name suggests, the chips will speculate or assume the instructions they need to execute next, instead of waiting around for the previous instructions to complete their execution. When the prediction is correct, this saves overall execution time, while the incorrect predictions are scrapped.

Researchers discovered the first Foreshadow flaw earlier this year. It affects Intel’s SGX, a security feature that lets app developers keep sensitive information, such as encryption keys, in hardware-protected enclaves.

Now, Intel’s own security team has identified two more variants, which it calls Foreshadow-NG (next generation). We also know from earlier reports that Intel was due to release patches on August 14 for some then-undisclosed “Spectre-NG” flaws. The Foreshadow flaws seem to be the last of the group of Intel chip flaws nicknamed Spectre-NG earlier this year.

Intel SGX Under Attack

SGX, the secure enclave technology Intel introduced with the Skylake generation of its processors, keeps blocks of memory encrypted in RAM and inaccessible to the rest of the system, so that malware that has infected the operating system can’t get at the sensitive data stored in an enclave. The processor itself measures and attests the integrity of the enclave, so as long as the processor is trusted, the enclave can also be trusted.

Because processors are typically much more secure than operating systems and applications, the SGX enclaves are attractive to certain app developers concerned about their users’ security. The Signal private messenger, for instance, is one of the apps that has started using Intel’s SGX to protect the privacy of its users.

However, Foreshadow gets around the SGX protections, which had held up against earlier speculative execution attacks. According to the researchers who found the flaw, an attacker can extract the contents of an enclave, and with them the processor’s attestation keys, which would let the attacker forge attestations and trick users into trusting, and sending private data to, a fake enclave.

Virtual Machines Vulnerable to Foreshadow-NG

Intel’s own researchers found the two Foreshadow-NG attacks, which read whatever data is sitting in the CPU’s L1 data cache. This is also why Intel calls the whole family of flaws “L1 Terminal Fault” or L1TF. Between them, the three L1TF variants:

  • allow a malicious user application to read kernel memory
  • allow a malicious guest virtual machine to read the hypervisor’s memory or the memory of another guest virtual machine (especially dangerous in the cloud/web hosting scenario)
  • allow a malicious OS to read memory protected by the SMM

Affected CPUs and Mitigation

The researchers said that the original Foreshadow variant only affects Intel’s SGX-capable chips, which includes the Skylake generation and newer.

Meanwhile, the two Foreshadow-NG variants don’t appear to affect other chip vendors so far, and affect the following Intel chips:

  • Intel Core i3/i5/i7/M processor (45nm and 32nm)
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core X-series processor family for Intel X99 and X299 platforms
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 family
  • Intel Xeon Processor E5 v1/v2/v3/v4 family
  • Intel Xeon Processor E7 v1/v2/v3/v4 family
  • Intel Xeon Processor Scalable family
  • Intel Xeon Processor D (1500, 2100)

Previous countermeasures implemented against Spectre and Meltdown don’t protect against Foreshadow, according to the security researchers who uncovered the flaws. Mitigating Foreshadow requires updates to operating systems, hypervisors and Intel microcode. Intel’s own benchmarks showed that the performance impact of the patches on typical systems is negligible; the costly part is turning off Hyperthreading on hosts that run untrusted virtual machines, which the hypervisor variant can require.

Although getting the operating system and hypervisor updates should be easier, getting the microcode updates will be trickier for the many users who fully depend on manufacturers to send them the updates. That means most older PCs and laptops may not be fully protected against the Foreshadow attacks.

Reports recently surfaced of a major security flaw affecting two decades of Intel processors, regardless of whether they run Windows or Linux. The critical vulnerability is known as the “Meltdown” bug.

Experts say that while the flaw was only recently discovered, it affects processors manufactured as long as 20 years ago. Intel chips are the main focus of the investigation, but researchers are also examining non-Intel chips to understand the full extent of the vulnerability.

What is Meltdown?

The Meltdown attack is said to leak out private information and sensitive data from computer users.

That includes passwords, photos, emails and other sensitive files. Because the flaw lets an unprivileged program read the operating system kernel’s memory, it can expose anything your computer is processing. The related Spectre flaw has even been demonstrated from JavaScript running in a web browser.

Experts point out that Meltdown does not only affect personal computers. It also affects mobile devices built on vulnerable processors, and it threatens data in the cloud, where one customer’s virtual machine could read data belonging to another on the same host if the provider has not patched its infrastructure.

How to Guard Your PC

While the idea of a Meltdown attack stealing data from your computer is scary, there are a few things you can do to protect yourself. Microsoft has already issued an emergency security patch that addresses Meltdown, available through Windows Update. The one catch is that Windows users with third-party antivirus software may not be offered the patch until their antivirus vendor has confirmed compatibility, because some antivirus products crashed with the kernel changes and Microsoft withholds the update until the vendor sets a compatibility flag.

Intel has also issued a firmware update. This update is designed to provide additional hardware protection. It will be up to the OEMs to release the firmware update for Intel. For those who built their own PC, you are advised to check with the OEM part suppliers to find out how to protect your PC.

Linux kernel patches (kernel page-table isolation, KPTI) are already shipping, and Apple has patched macOS too. But these patches are only the first line of defense.

Here are some more tips you can follow to guard your PC and other devices:

  • Update your operating system. According to the Google Project Zero researchers who found it, Meltdown affects essentially every Intel processor made since 1995. The attack exploits the hardware itself, but the operating system patch (kernel page-table isolation) unmaps kernel memory from user programs, which takes away the data the attack could otherwise read.
  • Apply the firmware update as well. Intel has released microcode through the PC makers, and the firmware matters because the attack happens at the hardware level. Intel has also issued a detection tool that tells you whether your PC needs the firmware update.
  • Update your browser and other applications. Browser updates mainly blunt the related Spectre attack from JavaScript, for instance by reducing timer precision, and protect against other current threats too. Major browsers such as Chrome and Mozilla Firefox have already issued updates.
  • Update your anti-virus program. Anti-virus software is your computer’s gatekeeper and may detect known malware that attempts a Meltdown attack, but it cannot fix the CPU flaw itself, so it complements the operating system and firmware patches rather than replacing them.
  • BONUS: On January 5, Google revealed that it will issue a security update. This will be applicable to all Android phones and protect against the Meltdown attack. All owners of Google-branded phones such as the Pixel, Pixel 2, and Pixel 2 XL are advised to perform the update. If you bought a new Google device, it will be installed automatically.

The extent of the Meltdown attack and the vulnerabilities it might cause are still unknown. All you can do is follow the steps indicated above on how to protect your PC. These steps offer no guarantee if it can put an end to this security threat. But it can provide you better assurance compared to leaving your PC vulnerable to attacks.


Intel’s been having a torrid time of it lately in regards to the security of its processors. Now, Intel has posted details of a further serious security flaw that researchers have dubbed ‘Foreshadow’. The security hole is potentially exploitable for billions of devices around the world.

The US government has issued a statement saying “an attacker could exploit this vulnerability to obtain sensitive information” .

At its core, Foreshadow, officially named L1 Terminal Fault, operates in a similar manner to the earlier Spectre and Meltdown vulnerabilities. The issue was discovered by a team of researchers several months ago, and Intel, operating system vendors and cloud providers have been busy preparing microcode and software patches in time for Foreshadow going public.

Just like Spectre and Meltdown, Foreshadow takes advantage of speculative execution. Unlike them, though, the original Foreshadow variant targets Intel’s Software Guard Extensions (SGX), which only newer Intel CPUs provide. Using speculative execution, attackers can mount side-channel attacks against the specifically locked-down regions of memory that hold encryption keys, passwords and the like.

“We expect the potential exposure to most consumer and enterprise users will be low as the first two varieties can be mitigated with microcode and operating system updates available today,” said Intel in a video explaining the situation today.

“The third variety of L1TF is a bit more complicated and potentially affects only a portion of the market. Primarily, a subset of data centres using a technology called virtualisation.”

Intel is recommending to customers that use virtualisation to take additional steps to protect their systems.

“We are not aware of reports that any of these methods have been used in real-world exploits,” said Intel in a statement. “But this further underscores the need for everyone to adhere to security best practices.”

Intel has published the full list of affected CPUs on its website. The list includes all Intel Core processors from the first generation through to the 8th generation Coffee Lake chips, as well as dozens of Xeon processor families.

If you’re worried about the effects of Foreshadow L1TF, microcode and OS updates are being pushed out today. Keep an eye on Windows Update as well as any BIOS fixes pushed out by your motherboard manufacturer.

AMD users are unaffected by the L1TF security vulnerability.

Our favourite comments:

I think my additional step to protect myself is just switching to AMD.