Intel Patches Widespread Processor Vulnerability
The strange vulnerability could have allowed for escalation of privilege, denial of service or information disclosure attacks.
Intel has published a fix for a potential vulnerability that affected some Intel processors. The security flaw, named Reptar, causes “very strange behavior,” said Google’s Tavis Ormandy, who is one of the researchers who discovered the bug.
No attacks have been reported using the Reptar bug. However, Ormandy noted the bug is potentially wide-reaching and not yet fully understood: “… we simply don’t know if we can control the corruption precisely enough to achieve privilege escalation,” he wrote on his site about the Reptar vulnerability. “I suspect that it is possible, but we don’t have any way to debug μop (micro) execution!”
Put very simply, Reptar breaks some basic rules of how processors usually work and could lead to a system crash, escalation of privilege attacks, denial of service attacks or unwanted information disclosure.
The problem lies in the prefixes used to modify instructions in x86 assembly. The rex prefix could interact in unexpected ways on machines with a feature called fast short repeat move (FSRM), which was first introduced in Intel’s Ice Lake architecture. Ormandy has a much more technical explanation.
The “strange behavior” Ormandy and his Google colleagues found included branches to unexpected locations, unconditional branches being ignored and inaccurate recordings of the instruction pointer in xsave or call instructions. Ormandy also found that a debugger returned impossible states when the researchers were trying to look into the problem.
MITRE tracks this bug as CVE-2023-23583.
On Nov. 14, Intel addressed the potential flaw in a variety of processors. Intel mitigated the flaw in:
Intel released a microcode update for:
Intel had been aware of this bug before the Google researchers began working on it and was moving the bug through its standardized Intel Platform Update process. Intel had scheduled a fix for March, Ars Technica found, but the Google team’s discovery of the possible escalation of privileges made it a higher priority.
An Intel statement provided to TechRepublic by email said, “At the request of customers, including OEMs and CSPs, this process (the Intel Platform Update process) typically includes a validation, integration and deployment window after Intel deems the patch meets production quality, and helps ensure that mitigations are available to all customers on all supported Intel platforms when the issue is publicly disclosed.”
Intel recommends that organizations using the affected processors update to the latest versions. System administrators should make sure their BIOS, system OS and drivers are up to date. System admins can visit Intel’s microcode repository to download the microcode and can contact Intel or their operating system vendor for more information.
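For administrators acting on this recommendation, the sketch below inventories a Linux host for the fast short repeat move feature and its loaded microcode revision. It is an added example, not code from Intel, Google or this article. It assumes the `fsrm` flag and `microcode` field that Linux exposes in `/proc/cpuinfo`; the sample data is constructed, and `min_fixed_revision` is a hypothetical parameter whose value must come from Intel's advisory for the specific CPU model.

```python
import re

# Constructed sample in Linux /proc/cpuinfo layout; every value here is invented.
_CPU = ("processor\t: {n}\nvendor_id\t: GenuineIntel\ncpu family\t: 6\n"
        "model\t\t: 106\nstepping\t: 6\nmicrocode\t: {rev}\n"
        "flags\t\t: fpu sse2 erms fsrm md_clear\n")
SAMPLE_CPUINFO = _CPU.format(n=0, rev="0x1a") + "\n" + _CPU.format(n=1, rev="0x1c")


def parse_cpuinfo(text):
    """Split cpuinfo text into one dict of fields per logical CPU."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus


def assess(text, min_fixed_revision=None):
    """Report FSRM presence and microcode revisions for Intel CPUs."""
    # min_fixed_revision is an assumption supplied by the caller (placeholder);
    # when it is missing, needs_review stays None, meaning "no verdict".
    intel = [c for c in parse_cpuinfo(text) if c.get("vendor_id") == "GenuineIntel"]
    has_fsrm = any("fsrm" in c.get("flags", "").split() for c in intel)
    revisions = sorted({int(c["microcode"], 16) for c in intel if "microcode" in c})
    report = {
        "intel": bool(intel),
        "fsrm": has_fsrm,
        "revisions": [hex(r) for r in revisions],
        # Different revisions across cores suggest an incomplete update.
        "mixed_revisions": len(revisions) > 1,
        "needs_review": None,
    }
    if has_fsrm and min_fixed_revision is not None and revisions:
        report["needs_review"] = revisions[0] < min_fixed_revision
    return report


if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as fh:
            print(assess(fh.read()))
    except OSError:
        print(assess(SAMPLE_CPUINFO))  # fall back to the constructed sample
```

Inside a virtual machine the hypervisor may mask CPU flags or report a different microcode revision, so run the check on the physical host where possible.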
This potential vulnerability is a good reminder to keep all software and hardware up to date.