Microsoft recently announced a new security vulnerability that can be considered a variant of the older Spectre vulnerability. It is called the SWAPGS attack. The name comes from the fact that the vulnerability abuses the SWAPGS instruction, which affected processors can execute speculatively; speculative execution is the feature that helps improve the speed of our computers.
So which systems are affected?
The researchers from Bitdefender, who discovered the vulnerability, have stated that it affects all Intel CPUs manufactured from 2012 to the present. However, Red Hat has published its own security advisory stating that the vulnerability affects x86-64 systems using both Intel and AMD processors. AMD disputes this: its own statement on the matter says its processors are not affected. The Red Hat advisory also states that, based on industry feedback, they are not aware of a way to exploit this vulnerability on Linux kernel-based systems.
Is this attack easily executed? Am I the target for these attacks?
With the details of these attacks fully disclosed, the chances of becoming a victim are a lot higher. However, because these kinds of attacks are very time-consuming, cybercriminals are more likely to go after more lucrative targets, such as organizations or their key personnel, than smaller individual targets.
“Criminals with knowledge of these attacks would have the power to uncover the most vital, best-protected information of both companies and private individuals around the world, and the corresponding power to steal, blackmail, sabotage and spy,” Gavin Hill, vice-president for datacenter and network security products at Bitdefender, warned.
What can I do to prevent this?
First, the fix for this vulnerability was already included in Microsoft's July 9 security update, so if you're already up to date with the security patches, you don't have to do anything.
For existing Trend Micro users: because this is a local vulnerability, a Trend Micro IPS rule cannot be created for it. A vulnerability that is exploitable only with local access requires the attacker either to have physical access or to be logged on to the vulnerable system, while deep packet inspection (DPI) can only detect attacks over the network.
As stated above, it is best to update your OS security patches immediately. The vendor advisories are listed below:
- SUSE: https://www.suse.com/security/cve/CVE-2019-1125/
- RHEL/CentOS: https://access.redhat.com/articles/4329821
- Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1125.html
- Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125
- Debian: https://security-tracker.debian.org/tracker/CVE-2019-1125
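After patching a Linux host, you can confirm that the running kernel includes the SWAPGS fix by reading the Spectre v1 status it exposes in sysfs. The script below is an added example and is not part of the original advisory. The function names are hypothetical, and the status strings it matches are the ones documented for mainline Linux kernels, so a vendor kernel may word them differently.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v1 / SWAPGS (CVE-2019-1125) status.
# Assumption: status strings follow the mainline kernel documentation
# (Documentation/admin-guide/hw-vuln/spectre.rst).

# classify_swapgs STATUS -> mitigated | vulnerable | not-affected | unreported
classify_swapgs() {
    case "$1" in
        "Not affected"*)        echo "not-affected" ;;
        # Kernel knows about SWAPGS but the barriers are off (e.g. nospectre_v1).
        *"no swapgs barriers"*) echo "vulnerable" ;;
        # Patched kernel with the swapgs barriers active.
        Mitigation:*swapgs*)    echo "mitigated" ;;
        # Older kernels report Spectre v1 without mentioning swapgs at all,
        # which usually means the kernel predates the fix.
        *)                      echo "unreported" ;;
    esac
}

# check_swapgs [FILE] -> classification for the given sysfs file
# (defaults to the running host's spectre_v1 entry).
check_swapgs() {
    f="${1:-/sys/devices/system/cpu/vulnerabilities/spectre_v1}"
    if [ ! -r "$f" ]; then
        # No sysfs entry: non-Linux host or a very old kernel.
        echo "unreported"
        return 0
    fi
    classify_swapgs "$(cat "$f")"
}

printf 'SWAPGS (CVE-2019-1125) status on this host: %s\n' "$(check_swapgs)"
```

A result of `unreported` or `vulnerable` means the host still needs the kernel update from the vendor links above, or a reboot into the updated kernel.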
For more inquiries regarding this vulnerability, please do contact us at 893-9515 and we will be happy to answer them!