Sergey Nivens - Fotolia
It is more likely for a targeted attack to exploit a low risk vulnerability than for a worm to do so. Most, if not all, vulnerabilities that can be used by a worm would be classified as high risk through basic vulnerability analysis. Enterprises shouldn't completely ignore low risk vulnerabilities, but should focus their resources based on the overall impact of a security incident, or the results of an audit or assessment. In a targeted attack, a skilled attacker can chain different vulnerabilities together to gain access to an individual system and then use that access to attack the rest of the network.
This proof-of-concept attack that combines memory deduplication and a Rowhammer exploit is of low risk. It is very unlikely a Rowhammer-based exploit will be used in a worm, but a Rowhammer and Microsoft Edge attack could be used to capture a targeted password and then used to further attack an enterprise. Researchers from Vrije Universiteit Amsterdam in the Netherlands outlined the specific scenario necessary to extract a password from a targeted system.
For enterprises that have performed a risk assessment and identify this attack as high enough risk to mitigate, there are few steps they can take to limit the impact of an attack using Rowhammer. The most important step is to not browse untrusted websites from servers that could be targeted, but this doesn't protect virtual systems or terminal servers using vulnerable DDR3 or DDR4 memory. The researchers are working with Microsoft to devise a mitigation for this attack.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out how to mitigate bit flipping caused by Rowhammer attacks
Learn if the Rowhammer exploit marks a rise in hardware vulnerabilities
Read about the problems branded vulnerability marketing creates
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
Enterprises have many options for email security best practices, ranging from deploying email security protocols to educating end users on the ... Continue Reading
Cyberattacks often begin with a port scan attack, which attackers use to find exploitable vulnerabilities on targeted systems. Learn how they work ... Continue Reading
Monitoring process memory is one way to combat fileless malware attacks. Here's what you can do to protect your network against these campaigns. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.