New speculative execution vulnerabilities were found to affect Intel processors, and they can enable a side-channel attack known as L1 Terminal Fault (L1TF). How does the L1TF attack work? What should enterprises know about this threat?
L1TF, also known as Foreshadow, is triggered when the logical memory address is not properly mapped to a physical location during a computer program's attempt to access data in the chip's memory. The Intel processor, either Core or Xeon, speculatively accesses the information in the Level 1 data cache, which is stored in a protected portion of the memory.
Exploiting this side-channel method allows attackers to gain access to sensitive information, including encryption keys, system files and passwords. The new L1TF speculative execution vulnerabilities have been grouped into three types of terminal faults:
- Intel Software Guard Extensions (SGX);
- operating systems and System Management Mode (OS/SMM); and
- virtualization software and Virtual Machine Monitor (VMM).
These vulnerabilities pose a threat, as they could enable an attacker to execute arbitrary or transient code with or without root privileges and steal sensitive data from the operating system or SMM memory. An attacker could also alter the SGX enclave memory or the memory used by the virtual machines on the same host. However, these three flaws have not been exploited in the wild, according to Intel.
Security professionals can mitigate these flaws by checking the status of Intel's microcode updates, which are available from OEM vendors, or by downloading Microsoft's and Oracle's L1TF updates.
You should also ensure that Microsoft Azure, AWS and Google Compute Engine have been updated and that microcode, BIOS, OS and virtualization software have been updated for both the hosts and the guests. These updates together can make hyperthreading unnecessary.
In addition, admins should ensure that secret SGX keys have not been compromised and consider rekeying the trusted computing base and SGX applications with BIOS updates and the support team.
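One way to verify the OS and virtualization updates on a Linux host or guest, as an added example that is not part of the original answer: patched Linux kernels report their L1TF state in `/sys/devices/system/cpu/vulnerabilities/l1tf`, and the code below splits that string into its OS, VMX cache-flush and SMT (hyperthreading) parts. The sample strings in the docstring are constructed in the kernel's format, and the verdict labels are this example's own.

```python
from pathlib import Path

# Status file exposed by Linux kernels that carry the L1TF patches.
SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def read_status(path=SYSFS_L1TF):
    """Return the raw status string, or None if the kernel lacks the file."""
    try:
        return path.read_text()
    except OSError:
        return None


def classify_l1tf(status):
    """Split the status into OS, VMX-flush and SMT parts and give a verdict.

    Constructed sample inputs in the kernel's format:
      "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
      "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled"
    Verdict labels are this example's own, not kernel output.
    """
    if status is None:  # file absent: kernel predates the L1TF patches
        return {"os": False, "vmx_flush": None, "smt_exposed": None,
                "verdict": "unknown"}
    status = status.strip()
    if status == "Not affected":
        return {"os": True, "vmx_flush": None, "smt_exposed": False,
                "verdict": "not-affected"}
    head, _, vmx = status.partition("; VMX: ")
    os_ok = head.startswith("Mitigation: PTE Inversion")
    flush, _, smt = vmx.partition(", SMT ")
    flush = flush or None            # None when no VMX detail is reported
    smt_exposed = (smt == "vulnerable") if smt else None
    if not os_ok:
        verdict = "vulnerable"       # host OS itself is unprotected
    elif flush == "vulnerable" or smt_exposed:
        verdict = "partial"          # OS patched, virtualization path exposed
    else:
        verdict = "mitigated"
    return {"os": os_ok, "vmx_flush": flush, "smt_exposed": smt_exposed,
            "verdict": verdict}


if __name__ == "__main__":
    print(classify_l1tf(read_status()))
```

Run it on hosts and inside guests alike; an `unknown` verdict means the kernel is too old to report L1TF status at all.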
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)