Intel x86-64 Hardware Flaw

The Intel x86-64 hardware flaw in this week’s news is a massive vulnerability that will affect nearly every company and person with a computer. Considering the number of workstations sold in the last ten years, even when accounting for retired devices, combined with the number of servers using Intel processors, including AWS and Azure, the number of affected endpoints could be more than a billion.

Because the vulnerability affects both servers and workstations, and impacts Windows, Linux, and Mac operating systems, the Intel flaw is now right up there with Yahoo as one of the largest vulnerabilities ever discovered. If you’re wondering how much of your infrastructure is at risk, you can figure that any endpoint not running an AMD processor is vulnerable.

The issue has not been fully identified while engineers for the different operating systems work on a fix. Even though it is an Intel hardware bug, a microcode update is not able to fix it, leaving the responsibility with Microsoft, Apple, and Linux developers.

The core issue is that the kernel’s memory can be accessed from user processes. The flaw enables common programs and applications to access the contents of protected kernel memory, such as passwords, login files, etc. According to The Register, “clearly there is a flaw in Intel's silicon that allows kernel access protections to be bypassed in some way.”

As you know, anytime an end user is running a program or application, the system is constantly switching back and forth between kernel mode and user mode. The kernel, which is typically invisible to the user, has complete control over the operating system with root-level access. The solution is either to get a new device with a different processor, which is not realistic for the majority of people, or to separate the kernel’s memory from user processes using kernel page-table isolation (KPTI), which basically moves the kernel to a different address space. This is the patch being developed.

The problem is performance degradation. The Register mentions, “The effects are still being benchmarked, however we're looking at a ballpark figure of five to 30 per cent slow down, depending on the task and the processor model.” Obviously this is not good news for IT departments, end users, or business operations. The impact on virtual environments is not fully known. Amazon Web Services and Microsoft Azure have maintenance scheduled in the coming days, with the concern being that operating systems may need to be fully overhauled to deal with the issue.

The Register also notes that Linux has been rolling out patches for their distros since October, Apple may have already started to address it with their latest update, and Microsoft is expected to have a patch for it in this month’s Patch Tuesday release. Application of this patch is not something you want to delay. Once the details are out, cyber attackers are going to be looking to exploit it as soon as possible.
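To confirm that the KPTI patch described above is actually in effect on a Linux endpoint, the check below reads what the kernel reports about itself. It is an added example, not part of the original post; the function name `kpti_status` is hypothetical, and it assumes a kernel that exposes the `meltdown` sysfs entry or the `pti` / `cpu_meltdown` markers in `/proc/cpuinfo`.

```shell
#!/bin/sh
# Added example: classify a Linux host's KPTI state from kernel-exported text.
# File paths are parameters so the same logic can be run on captured copies
# collected from other endpoints.

kpti_status() {
    sysfs=${1:-/sys/devices/system/cpu/vulnerabilities/meltdown}
    cpuinfo=${2:-/proc/cpuinfo}

    # 1. Preferred source: the kernel's own verdict, present on patched kernels.
    if [ -r "$sysfs" ]; then
        case "$(cat "$sysfs")" in
            "Not affected"*)    echo "not-affected"; return 0 ;;
            "Mitigation: PTI"*) echo "mitigated";    return 0 ;;
            Vulnerable*)        echo "vulnerable";   return 0 ;;
        esac
    fi

    # 2. Fallback: the "pti" CPU flag is set only while page-table
    #    isolation is active.
    if grep -Eqs '^flags[[:space:]]*:.*[[:space:]]pti([[:space:]]|$)' "$cpuinfo"; then
        echo "mitigated"; return 0
    fi

    # 3. The kernel knows about the bug but isolation is not active.
    if grep -Eqs '^bugs[[:space:]]*:.*cpu_meltdown' "$cpuinfo"; then
        echo "vulnerable"; return 0
    fi

    # 4. No marker at all: the kernel predates the patch, or this is not
    #    Linux. Treat the host as unpatched until proven otherwise.
    echo "unknown"
}

# Report the state of the local machine (or of files given as arguments).
kpti_status "$@"
```

An `unknown` result should be handled the same way as `vulnerable` when prioritising patch rollout, since it means the running kernel does not report a mitigation.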