SWAPGS Attack coverage when?

I need a solution

When will coverage for the SWAPGS attack be available?


Sharing with you a new security vulnerability announced by Microsoft.

The best way to prevent this is to install the latest security patch recommended by Microsoft.

A new security vulnerability was recently announced by Microsoft which can be considered a variant of the old Spectre vulnerability. This new vulnerability is called the SWAPGS attack. Its name comes from the fact that the vulnerability leverages the “SWAPGS instruction”, one of the predictive executions within the affected processors which helps improve the speed of our computers. The researchers discovered a way to manipulate this instruction to leak out information that should be available to the operating system only.

So which systems are affected?

The SWAPGS Attack affects newer Intel CPUs that use speculative execution.

“A successful attack requires a vulnerable Intel CPU, an unpatched operating system and several hours of continuous probing,” Bogdan Botezatu, Director of Threat Research at Bitdefender, told Help Net Security.

The researchers from Bitdefender, the ones responsible for the discovery, have stated that the vulnerability affects all Intel CPUs manufactured from 2012 to the present. However, Red Hat has also come out with its own security advisory stating that the vulnerability affects x86-64 systems using both Intel and AMD processors, which AMD itself disputes, as its own statement on this matter states they are not affected by the vulnerability. The advisory also stated that from the industry feedback, they are not aware of a way to exploit this vulnerability on Linux kernel-based systems.

Please read the full article at this link: https://www.bitdefender.com/business/swapgs-attack.html

What can I do to prevent this?

Firstly, this vulnerability was already included in the July 9 security update of Microsoft, so if you’re already up to date with the security patches you don’t have to do anything.

As for existing Trend Micro users, given that this is a local type of vulnerability, a Trend Micro IPS rule cannot be created for this. A vulnerability exploitable with only local access requires the attacker to either have physical access or be logged on to the vulnerable system. DPI can only detect attacks over the network.

As stated above, it would be best to immediately update your OS security patches; you may find a list below:

SUSE: https://www.suse.com/security/cve/CVE-2019-1125/

RHEL/CentOS: https://access.redhat.com/articles/4329821

Ubuntu: https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-1125.html

Microsoft: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1125

Debian: https://security-tracker.debian.org/tracker/CVE-2019-1125
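One way to confirm on a Linux host that the kernel update for CVE-2019-1125 is active, as an added example that is not part of the original post. The status strings matched here are assumptions based on the upstream kernel's documented values for its `spectre_v1` sysfs entry; the function names and result labels are made up for this example.

```shell
#!/bin/sh
# Added example: classify the kernel's Spectre v1 / SWAPGS status line.
# Assumption: the kernel exposes the state in this sysfs file.
SPECTRE_V1_FILE=/sys/devices/system/cpu/vulnerabilities/spectre_v1

# classify_spectre_v1 "<status line>" -> prints one label
classify_spectre_v1() {
    case "$1" in
        "Not affected"*)        echo not-affected ;;
        # swapgs protections explicitly disabled (e.g. mitigations turned off)
        *"no swapgs barriers"*) echo vulnerable ;;
        # patched kernel with swapgs LFENCE barriers enabled
        Mitigation:*swapgs*)    echo mitigated ;;
        # a mitigation line that never mentions swapgs: the kernel was
        # built before the CVE-2019-1125 fix and needs the vendor update
        Mitigation:*)           echo kernel-predates-fix ;;
        Vulnerable*)            echo vulnerable ;;
        *)                      echo unknown ;;
    esac
}

# check_swapgs [file] -> prints the label; exit 0 ok, 1 action needed, 2 unknown
check_swapgs() {
    f="${1:-$SPECTRE_V1_FILE}"
    if [ ! -r "$f" ]; then
        echo unknown
        return 2
    fi
    status=$(classify_spectre_v1 "$(cat "$f")")
    echo "$status"
    case "$status" in
        mitigated|not-affected) return 0 ;;
        unknown)                return 2 ;;
        *)                      return 1 ;;
    esac
}

# Run the check against the live system only when asked to.
if [ "${1:-}" = "--check" ]; then
    check_swapgs
fi
```

A result of `kernel-predates-fix` or `vulnerable` means the distribution update from the list above is missing or its swapgs barriers are disabled; this reflects the kernel only and says nothing about other software on the host.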


