Microsoft, Apple, along with several open source operating systems providers, plus a few hypervisor vendors, rushed patches out this week following a x86 chip debugging mistake.

Scott Ferguson, Managing Editor, Light Reading

May 10, 2018

3 Min Read

Microsoft, Apple and other providers of open source operating systems had to rush out emergency patches this week after several vendors goofed on instructions for an Intel debugging feature, which, in turn, left all these OSs open to an attack.

Additionally, the mistake also affected several hypervisor providers as well.

Nick Peterson, a researcher with Everdox Tech, is being credited with noticing the flaw and alerting Intel and Microsoft initially, according to a May alert issued by CERT.

If left unpatched, the flaw could allow an attacker to "read sensitive data in memory or control low-level operating system functions," according to Tuesday's alert. It's not clear if a malicious attacker attempted to exploit the vulnerability, but it was severe enough that nearly all operating system vendors issues patches on the same day.

(Source: Recklessstudios via Pixabay)

(Source: Recklessstudios via Pixabay)

This not only included Microsoft Windows and Apple's macOS but a host of open source software as well from DragonFly BSD Project, FreeBSD Project, Linux Kernel, Red Hat, SUSE, Synology and Ubuntu.

That list also included Xen and VMware for their respective hypervisors.

At the heart of this issue is how these various software vendors responded to a debugging update that Intel was making to its x86-64 chip architecture. Specifically, it dealt with two parts of the x86-64 instruction set: MOV SS and POP SS. These instruction sets are also found in AMD processors as well.

Changes within MOV SS or POP SS can cause different behaviors within an operating system. As the CERT alert notes:

"In certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3. This may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions."

In addition to the alert, Peterson wrote an entire research note on this particular vulnerability.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

Since all the operating systems are different, each company has sent out different alerts. Microsoft, for example, notes about the vulnerability in the Windows kernel and how it fails to handle objects in memory.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft's security alert.

One noteworthy issue of this vulnerability is that it can be exploited by a remote attacker. An attack would need to start on a PC or server that is already compromised.

In his report, Peterson noted that this could have been caused by incomplete instructions when it came to the debugging issue.

Related posts:

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.

Read more about:

Security Now

About the Author(s)

Scott Ferguson

Managing Editor, Light Reading

Prior to joining Enterprise Cloud News, he was director of audience development for InformationWeek, where he oversaw the publications' newsletters, editorial content, email and content marketing initiatives. Before that, he served as editor-in-chief of eWEEK, overseeing both the website and the print edition of the magazine. For more than a decade, Scott has covered the IT enterprise industry with a focus on cloud computing, datacenter technologies, virtualization, IoT and microprocessors, as well as PCs and mobile. Before covering tech, he was a staff writer at the Asbury Park Press and the Herald News, both located in New Jersey. Scott has degrees in journalism and history from William Paterson University, and is based in Greater New York.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights