Security researchers demonstrated an attack that combines memory deduplication and Rowhammer exploits in a proof...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
It is more likely for a targeted attack to exploit a low risk vulnerability than for a worm to do so. Most, if not all, vulnerabilities that can be used by a worm would be classified as high risk through basic vulnerability analysis. Enterprises shouldn't completely ignore low risk vulnerabilities, but should focus their resources based on the overall impact of a security incident, or the results of an audit or assessment. In a targeted attack, a skilled attacker can chain different vulnerabilities together to gain access to an individual system and then use that access to attack the rest of the network.
This proof-of-concept attack that combines memory deduplication and a Rowhammer exploit is of low risk. It is very unlikely a Rowhammer-based exploit will be used in a worm, but a Rowhammer and Microsoft Edge attack could be used to capture a targeted password and then used to further attack an enterprise. Researchers from Vrije Universiteit Amsterdam in the Netherlands outlined the specific scenario necessary to extract a password from a targeted system.
For enterprises that have performed a risk assessment and identify this attack as high enough risk to mitigate, there are few steps they can take to limit the impact of an attack using Rowhammer. The most important step is to not browse untrusted websites from servers that could be targeted, but this doesn't protect virtual systems or terminal servers using vulnerable DDR3 or DDR4 memory. The researchers are working with Microsoft to devise a mitigation for this attack.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out how to mitigate bit flipping caused by Rowhammer attacks
Learn if the Rowhammer exploit marks a rise in hardware vulnerabilities
Read about the problems branded vulnerability marketing creates
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
The GD library used in the Junos operating system has opened Junos up to attacks. Nick Lewis explains how it happened and what it means for companies...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.