Well-known security software developer Bitdefender found a new bypass attack, Swapgs on Intel processors which can bypass Spectre and Meltdown defenses. Attackers can use the speculative execution technology used by Intel to increase privilege and obtain confidential and sensitive data stored in memory or cache. The new security vulnerability can actually bypass all current Spectre and Meltdown series vulnerability microcode updates. However, this vulnerability was discovered by Bitdefender last year and was submitted to Intel. Until recently, Intel released a new microcode to fix it.
Bitdefender said that it is very difficult and challenging to solve these vulnerabilities. Because these vulnerabilities go deep into the architecture and operation of modern processors, completely eliminating vulnerabilities involves replacing hardware or disabling Hyper-Threading technology. The same is true even if the mitigation mechanism is created, and it may hinder the performance improvement achieved by the speculative execution function, which is to reduce performance. For example, complete elimination of a bypass attack against Intel processor speculative execution may require full disabling of Hyper-Threading technology but this can severely impact performance.
Attackers can access sensitive information in the kernel, such as sniffing passwords, encryption keys, and access credentials in the kernel and cache. In fact, if an attacker exploits the above vulnerability to improve the privilege, then more things can be done, such as inserting a backdoor to steal the bank password. In addition, any laptops, desktops, servers, and other devices that use Intel’s third-generation and later processors are affected by this vulnerability.
Since the publication of the Spectre and Meltdown series of vulnerabilities, researchers have carefully analyzed the speculative execution capabilities of modern processors, especially the functional bypass attack. Bitdefender researchers worked with Intel for several years and then publicly disclosed the vulnerability, while Bitdefender also worked with Microsoft to develop a mitigation update. Other software and hardware developers in the ecosystem are also involved, such as the current Red Hat team has indicated that it needs to make updates to continue mitigation. Bitdefender has released detailed research white papers, including detailed disclosure time, the research behind the attack, and attack demo videos.