
Spoiler Alert: New Security Vulnerability Found Affecting Intel CPUs

Joined
Mar 10, 2015
Messages
2,248 (1.31/day)
While that is true, the default Windows config doesn't allow for remote exploitation. A user/admin would need to deliberately open up a system to be vulnerable, which no one is foolish/stupid enough to do, effectively making physical access a requirement.
If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.

The security that most of us have is that we are simply not interesting enough or profitable enough to target as individuals. That is why corporations and data centers are the target. You can bury your head in the sand all you want but it doesn't change anything.
 
Joined
Jul 5, 2013
Messages
7,483 (3.22/day)
If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.
Can't argue with that, because it's true. What I meant was that these particular vulnerabilities are very fundamentally difficult to pull off remotely.
 
Joined
Jun 28, 2015
Messages
759 (0.47/day)
WHOOAA! Didn't realize this could be done in conjunction to speed up simple JavaScript attack vectors :eek:

Now, this has the potential to get real bad, relatively quickly and not just for servers once the hacking tools become more common and readily available.
 
Joined
Sep 27, 2014
Messages
539 (0.29/day)
I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution, or else it will crawl. And that opens the gate to this kind of attack.
They just haven't found the AMD one yet.

It's funny that a similar comment above got downvoted.
 
Joined
Jun 28, 2015
Messages
759 (0.47/day)
Thinking I missed something. Where did you read that?
You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically in principle (until systematically proven, but by the looks of it, sure seems likely) the exploit can run at the same time as a simple website JavaScript.

i.e.: The exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.
 
Joined
Mar 10, 2015
Messages
2,248 (1.31/day)
You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically in principle (until systematically proven, but by the looks of it, sure seems likely) the exploit can run at the same time as a simple website JavaScript.

i.e.: The exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.
The problem is that the attacker needs to get the script on the server to begin with. That requires at least successfully exploiting one other vulnerability, which is likely going to be XSS (cross-site scripting) because a ridiculously high number of sites are vulnerable (read: nearly any).
 
Joined
Jun 28, 2015
Messages
759 (0.47/day)
The problem is that the attacker needs to get the script on the server to begin with. That requires at least successfully exploiting one other vulnerability, which is likely going to be XSS (cross-site scripting) because a ridiculously high number of sites are vulnerable (read: nearly any).
Or maybe turn it around to the user's computer using a password manager, which is probably much easier to infect than a "well patched" server.

The possibilities are wide open at this point. The more I'm reading, the more this seems like the most flexible exploit I've seen in a very long time.
 
Joined
Mar 10, 2015
Messages
2,248 (1.31/day)
Or maybe turn it around to the user's computer using a password manager, which is probably much easier to infect than a "well patched" server.

The possibilities are wide open at this point. The more I'm reading, the more this seems like the most flexible exploit I've seen in a very long time.
JavaScript will be the scourge of the internet for a while. The problem with the web is the insecurity is built into the HTTP protocol itself, as being an RFC-compliant server means you have to be backwards compatible with previous HTTP versions. Just look up HTTP 0.9 and then proceed to cry.
 
Joined
Oct 13, 2015
Messages
29 (0.02/day)
If it ain't broke don't fix...
Still mourning the loss of that approach with software in the Internet era, but at least we hadn't so far been 'forced' to unnecessarily upgrade PC hardware to maintain security.
 
Joined
Mar 18, 2008
Messages
4,913 (1.15/day)
lol Classic
 
Joined
Mar 18, 2015
Messages
2,223 (1.30/day)
In my opinion, it is great that security is finally getting highlighted. Now people will understand that 90% of businesses don't give two poos about protecting your data. This may not be a problem for consumers...until it is. Just remember the processors sitting in all those data centers holding all of your data. Then you find out that every piece of software and hardware you use on a daily basis makes Swiss cheese look like concrete because security and privacy are the first things that get thrown out the window when the budget hammer comes down. Disgusting, frankly.

Truth be told, 9/10 users don't need to worry about this. Most of these attacks require people that actually know what they are doing. The morons will get sniffed out before they have a chance to do anything.
I find the biggest attention threads like this is fans of both sides doing one-upmanship each time a new vulnerability is discovered. For example, if someone asks whether Corsair AIOs present a real-world risk, I could do a web search and I'd find .... OK, it doesn't happen often but it does happen so that's not 100% ... you decide if it's worth the risk.

https://forums.tomshardware.com/threads/my-corsair-h60-exploded.326466/
https://www.reddit.com/r/buildapc/comments/4pxjp2/corsair_h100i_v2_exploded_on_my_3_day_old_build/

But if someone asks whether this or that vulnerability from AMD / Intel presents a risk ... I have yet to come up with any real-world scenario where someone says "this happened to me"
 
Joined
Mar 10, 2015
Messages
2,248 (1.31/day)
You're quite right. It is very unlikely anyone will deal with this directly. But it could affect any of us indirectly.

Neither 'side' should gloat. Any CPU that performs speculative execution is flawed.
 
Joined
Aug 20, 2007
Messages
11,909 (2.66/day)
So in other words they discovered the NSA's back door.
Yeah, no. Timing-based attacks and stuff like this really aren't backdoors but incredibly advanced reverse engineering of an incredibly complex machine. If it's a backdoor, it's a helluva bad one.

Nah. This is likely a legitimate bug. The NSA backdoor is in the Intel Management Engine.
https://en.wikipedia.org/wiki/Intel_Management_Engine
See my post where I dissect and scrub the management engine from some ASRock boards. TL;DR: Even that is not really able to function as a backdoor.

So you would have to have code running on the machine that sits there looking for the moment when it can intercept a full address to a page in memory, and then grab that out of memory, in the hopes that it has sensitive data in there.

And after I grab that sensitive data and figure out how to use it, I will clean my house with a toothpick.
On datacenters that rent out servers this is a real issue. Suddenly anyone with a login that can execute anything can privilege escalate.

Beyond that, it's of limited scope.

If that were true, things like privilege escalation exploits wouldn't exist. The truth is, if someone wants your data, they will get it. No matter where it is. At home, a data center, your phone. The web is fundamentally insecure.
It's all about making the data harder to get than it is worth.

That barrier works. Things like this massively break down that barrier, though.

bulldozer it is not...

Piledriver it is
Begun, the clone wars has...

/yoda speak
 
Joined
Oct 30, 2008
Messages
1,691 (0.42/day)
You can read through the research paper (tedious even if you understand it), but here is a good summary of how it could be done.

Basically in principle (until systematically proven, but by the looks of it, sure seems likely) the exploit can run at the same time as a simple website JavaScript.

i.e.: The exploit can lift the information from server memory operations when, let's say... it could be comparing passwords in memory for authorization and feed it back to the running JavaScript, which could just use it in a brute force attack, without needing the brute force anymore.

Do this fast enough even 2FA could be exploited.
It's posts like this that make this site laughable!!!! OH more FEAR PLEASE!!!!!!
 
Joined
Dec 27, 2013
Messages
887 (0.41/day)
I am sure AMD CPUs are affected too... This is not negligence, it is a principle bug. Every processor needs speculative execution, or else it will crawl. And that opens the gate to this kind of attack.
They just haven't found the AMD one yet.

It's funny that a similar comment above got downvoted.
Pains me to say it but you are likely correct. Intel has much higher market share and of course most people are going to try to target Intel architecture first.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,670 (4.36/day)
Pains me to say it but you are likely correct. Intel has much higher market share and of course most people are going to try to target Intel architecture first.
I'm sure AMD will suddenly get lots more attention when/if EPYC makes a significant dent in Intel's market share in the server space...

It's like one of the oldest arguments for using Linux, or even Mac. "Everyone makes viruses for Windows! There are no viruses for Linux/Mac". Because Windows is by far the bigger target...
 
Joined
Jul 5, 2013
Messages
7,483 (3.22/day)
It's like one of the oldest arguments for using Linux, or even Mac. "Everyone makes viruses for Windows! There are no viruses for Linux/Mac". Because Windows is by far the bigger target...
Which we all know is a load of nonsense. There are even Unix and BSD viruses/malware.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
20,670 (4.36/day)
Probably. 10 years ago I didn't question that statement, but today I am aware that, even though Windows is still by far the most popular desktop OS, Linux is in heavy use in server environments. Surely it's a big enough target for someone to bother with?
 
Joined
Aug 20, 2007
Messages
11,909 (2.66/day)
Which we all know is a load of nonsense. There are even Unix and BSD viruses/malware.
Personally, I'm more afraid to run an unpatched Linux server than a Windows one.

Why? One word. Root. Root is way too powerful.
 
Joined
Jul 5, 2013
Messages
7,483 (3.22/day)
Personally, I'm more afraid to run an unpatched Linux server than a Windows one.

Why? One word. Root. Root is way too powerful.
While you have a point, there are measures and fail-safes that can and do protect from such problems.
 