Hardware vulnerability bypasses Spectre and Meltdown patches

It impacts all Windows systems using Intel and AMD processors since 2012.

Corinne Reichert Senior Editor
Corinne Reichert (she/her) grew up in Sydney, Australia and moved to California in 2019. She holds degrees in law and communications, and currently writes news, analysis and features for CNET across the topics of electric vehicles, broadband networks, mobile devices, big tech, artificial intelligence, home technology and entertainment. In her spare time, she watches soccer games and F1 races, and goes to Disneyland as often as possible.
Expertise News | Mobile | Broadband | 5G | Home tech | Streaming services | Entertainment | AI | Policy | Business | Politics Credentials
  • I've been covering technology and mobile for 12 years, first as a telecommunications reporter and assistant editor at ZDNet in Australia, then as CNET's West Coast head of breaking news, and now in the Thought Leadership team.
Corinne Reichert
James Martin/CNET

A new hardware vulnerability bypassing previous Spectre and Meltdown protections has been found by Bitdefender researchers, CNET sister site ZDNet reported Tuesday. It affects all Windows systems with AMD or  Intel processors since 2012 and can access protected memory.

Spectre and Meltdown are vulnerabilities uncovered in the chips that handle sensitive data like passwords and encryption keys. Chips originally affected when the vulnerability was revealed back in January 2018 included Intel and AMD or those designed by Arm.

The latest Spectre variant, called SWAPGSAttack and designated CVE-2019-1125, could be used to secretly monitor and take information off a computer. While it works around previous patches, you can protect yourself by using a security update released in July after Bitdefender worked with Intel and Microsoft on the issue for a year.

Microsoft's advisory says "an attacker who successfully exploited the vulnerability could read privileged data across trust boundaries."

"Customers who have Windows Update enabled and applied the security updates are protected automatically," a Microsoft spokesperson also told ZDNet. 

AMD said in a statement that it doesn't believe it is vulnerable to the SWAPGS variant attacks.

"Intel, along with industry partners, determined the issue was better addressed at the software level and connected the researchers to Microsoft," an Intel spokesperson added to ZDNet.

SWAPGSAttack was revealed during the Black Hat hacker conference Tuesday.

First published at 5:16 p.m. PT on Aug. 6.
Updated at 6:56 p.m. PT: AMD and Arm also affected; 8:02 p.m. PT: adds statement from AMD.