5/10/2018
08:05 AM
Scott Ferguson
News Analysis-Security Now

Microsoft, Apple & Others Rush OS Patches Following Debugging Debacle

Microsoft and Apple, along with several open source operating system providers and a few hypervisor vendors, rushed patches out this week following an x86 chip debugging mistake.

Microsoft, Apple and other providers of open source operating systems had to rush out emergency patches this week after several vendors goofed on instructions for an Intel debugging feature, which, in turn, left all these OSs open to an attack.

The mistake also affected several hypervisor providers.

Nick Peterson, a researcher with Everdox Tech, is being credited with noticing the flaw and alerting Intel and Microsoft initially, according to a May alert issued by CERT.

If left unpatched, the flaw could allow an attacker to "read sensitive data in memory or control low-level operating system functions," according to Tuesday's alert. It's not clear if a malicious attacker attempted to exploit the vulnerability, but it was severe enough that nearly all operating system vendors issued patches on the same day.

This included not only Microsoft Windows and Apple's macOS but also a host of open source software from the DragonFly BSD Project, FreeBSD Project, Linux Kernel, Red Hat, SUSE, Synology and Ubuntu.

That list also included Xen and VMware for their respective hypervisors.

At the heart of this issue is how these various software vendors responded to a debugging update that Intel was making to its x86-64 chip architecture. Specifically, it dealt with two parts of the x86-64 instruction set: MOV SS and POP SS. These instructions are also found in AMD processors.

Changes within MOV SS or POP SS can cause different behaviors within an operating system. As the CERT alert notes:

In certain circumstances after the use of certain Intel x86-64 architecture instructions, a debug exception pointing to data in a lower ring (for most operating systems, the kernel Ring 0 level) is made available to operating system components running in Ring 3. This may allow an attacker to utilize operating system APIs to gain access to sensitive memory information or control low-level operating system functions.

In addition to the alert, Peterson wrote an entire research note on this particular vulnerability.


Since all the operating systems are different, each company has sent out a different alert. Microsoft, for example, describes the vulnerability as residing in the Windows kernel and in how it fails to handle objects in memory.

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," according to Microsoft's security alert.

One noteworthy issue of this vulnerability is that it can be exploited by a remote attacker. An attack would need to start on a PC or server that is already compromised.

In his report, Peterson noted that this could have been caused by incomplete instructions when it came to the debugging issue.

— Scott Ferguson is the managing editor of Light Reading and the editor of Security Now. Follow him on Twitter @sferguson_LR.
