Hardware vulnerability bypasses Spectre and Meltdown patches
It impacts all Windows systems using Intel and AMD processors since 2012.
- I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
A new hardware vulnerability bypassing previous Spectre and Meltdown protections has been found by Bitdefender researchers, CNET sister site ZDNet reported Tuesday. It affects all Windows systems with AMD or Intel processors since 2012 and can access protected memory.
Spectre and Meltdown are vulnerabilities uncovered in the chips that handle sensitive data like passwords and encryption keys. Chips originally affected when the vulnerability was revealed back in January 2018 included Intel and AMD or those designed by Arm.
The latest Spectre variant, called SWAPGSAttack and designated CVE-2019-1125, could be used to secretly monitor and take information off a computer. While it works around previous patches, you can protect yourself by using a security update released in July after Bitdefender worked with Intel and Microsoft on the issue for a year.
Microsoft's advisory says "an attacker who successfully exploited the vulnerability could read privileged data across trust boundaries."
"Customers who have Windows Update enabled and applied the security updates are protected automatically," a Microsoft spokesperson also told ZDNet.
AMD said in a statement that it doesn't believe it is vulnerable to the SWAPGS variant attacks.
"Intel, along with industry partners, determined the issue was better addressed at the software level and connected the researchers to Microsoft," an Intel spokesperson added to ZDNet.
SWAPGSAttack was revealed during the Black Hat hacker conference Tuesday.
First published at 5:16 p.m. PT on Aug. 6.
Updated at 6:56 p.m. PT: AMD and Arm also affected; 8:02 p.m. PT: adds statement from AMD.