Recently, Microsoft released the latest vulnerabilities report to extend thanks to Qihoo 360 and Tsinghua University for discovering the new vulnerability infecting CPU. We classified this kind of processor vulnerability as L1TF (L1 Terminal Fault). It is our pleasure to be the very first Chinese security company which disclosed processor vulnerabilities and received an acknowledgment from Microsoft.
The current finding is that this kind of vulnerability would only affect Intel CPUs. If the vulnerability is exploited by attackers, it may affect users’ microprocessors, operating systems, system management mode and virtualization software. It may also steal the important data from many types of computing devices.
In fact, processor vulnerabilities usually have significant effects on vendors and users. Once these vulnerabilities are exploited by malicious programs, attackers can access unauthorized memory to steal various information such as user accounts, passwords, application files, caches etc., from the RAM of the attacked computers.
The researchers of 360 CERT (360 Computer Emergency Readiness Team) stated that the recent vulnerability is different from Meltdown and Spectre that attackers cannot exploit it to obtain RAM data. Besides, the current attack method which independently uses this vulnerability cannot get the target memory accurately. Hence, it is hard for attackers to get users’ data. In addition, the vulnerabilities have not been exploited by attackers to launch the real attacks.
However, it cannot be underestimated. Microsoft’s previous mitigations against CPU security vulnerabilities such as KPTI, are not valid for this kind of vulnerability.
The professor of Tsinghua University, Leibo Liu, said that the security issues of CPU require the industry to further explore the solutions combining hardware and software.
Security experts said that if the vulnerability is exploited by hackers, it may steal users’ browser memory data, virtual machines, and even kernel data. For netizens, the social media account, private albums with privacy permissions, etc., may be at risk of being stolen. However, because it is difficult to exploit the vulnerability and cannot be directly used to steal users’ privacy, the threat is not significant. Hence, the users do not have to be overly panic.
Intel revealed that the products involved include the widely used Core and Xeon processors, which pose significant risks for both PC users and data centers.
The 360CERT team discovered and reported this vulnerability to Microsoft immediately, and Microsoft also actively repaired it in the first place. At the same time, Intel was committed to improving the hardware to protect against the future attacks. Besides, Intel microcode has been updated as well.
Intel also noted that the recent security update will not significantly affect the system performance.
The 360CERT team recommends that users and system administrators should contact the system manufacturers and system software vendors, and apply the available updates as soon as possible.
Learn more about 360 Total Security