Wednesday, August 7, 2019

Need another good reason to apply 07/18 Windows Patches? - SWAPGS Vulnerability




It could allow attackers to steal any type of information that is stored in the memory, including chat messages, emails, login credentials, payment information, passwords, encryption keys, tokens, or access credentials.

What it comes down to, is that no information can be kept secret.

In order to increase performance in CPUs, a feature called speculative execution will execute instructions before it knows if they are needed or not. Vulnerabilities that target this feature are called side-channel attacks.

In a new side-channel attack discovered by Bitdefender, attackers "break the memory isolation provided by the CPU, allowing an unprivileged attacker to access privileged, kernel memory."


https://www.bleepingcomputer.com/news/security/swapgs-vulnerability-in-modern-cpus-fixed-in-windows-linux-chromeos/

No comments:

Post a Comment