Intel CPUs Hit by Exploit

Tuesday, June 19, 2012 @ 02:06 PM gHale


A security vulnerability in the virtualization software built into Intel’s hardware allows an attacker to execute code in Ring 0 of the CPU.

The problem affects 64-bit versions of Windows, Linux, FreeBSD and the Xen hypervisor.

RELATED STORIES
Adobe Hotfix for ColdFusion
Adobe Patches ColdFusion Flaw
After Patch, APT’s Still Hit
Adobe Mac Updates Silenced

By manipulating the stack, an attacker from Ring 3 can get code executed in Ring 0 of the CPU to elevate their local privileges or escape the virtual machine jail.

The flaw seems to only affect Intel hardware – AMD and ARM CPUs do not suffer from the issue.

To close the security hole, users should apply updates from their operating system supplier. To this end, Xen, FreeBSD and Microsoft published operating system specific details on the vulnerability. Linux vendor Red Hat also published two updates on the problem.



Leave a Reply

You must be logged in to post a comment.