Sergey Nivens - Fotolia
It is more likely for a targeted attack to exploit a low risk vulnerability than for a worm to do so. Most, if not all, vulnerabilities that can be used by a worm would be classified as high risk through basic vulnerability analysis. Enterprises shouldn't completely ignore low risk vulnerabilities, but should focus their resources based on the overall impact of a security incident, or the results of an audit or assessment. In a targeted attack, a skilled attacker can chain different vulnerabilities together to gain access to an individual system and then use that access to attack the rest of the network.
This proof-of-concept attack that combines memory deduplication and a Rowhammer exploit is of low risk. It is very unlikely a Rowhammer-based exploit will be used in a worm, but a Rowhammer and Microsoft Edge attack could be used to capture a targeted password and then used to further attack an enterprise. Researchers from Vrije Universiteit Amsterdam in the Netherlands outlined the specific scenario necessary to extract a password from a targeted system.
For enterprises that have performed a risk assessment and identify this attack as high enough risk to mitigate, there are few steps they can take to limit the impact of an attack using Rowhammer. The most important step is to not browse untrusted websites from servers that could be targeted, but this doesn't protect virtual systems or terminal servers using vulnerable DDR3 or DDR4 memory. The researchers are working with Microsoft to devise a mitigation for this attack.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Find out how to mitigate bit flipping caused by Rowhammer attacks
Learn if the Rowhammer exploit marks a rise in hardware vulnerabilities
Read about the problems branded vulnerability marketing creates
Dig Deeper on Web browser security
Related Q&A from Nick Lewis
IBM banned removable storage devices to encourage employees to use the company's internal file-sharing system. Learn how a ban like this can improve ... Continue Reading
After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick ... Continue Reading
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.