Browse archive

Latest news

Experts highlight top data breach vulnerabilities

NYPD detective accused of hiring email hackers

Guantanamo cuts off Wi-Fi access due to OpGTMO

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

A closer look at Mega cloud storage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

US-CERT warns of Intel CPU flaw

Posted on 18 June 2012.

A flaw in Intel chips leaves users of a number or x64-based operating systems vulnerable to system hijacking, the US Computer Emergency Readiness Team warns.

"Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape," they explained in a recently released advisory.

Among the systems affected are the 64-bit version of Windows 7 and Windows Server 2008 R2, as well as FreeBSD, NetBSD, RedHat, and a host of systems employing the Xen hypervisor.

VMware's virtualization software is not affected, and neither are AMD's processors, as they do not use the SYSRET instruction whose incorrect handling causes the flaw or handle it differently.

Many of the affected vendors have already pushed out an update that defuses the flaw.

Microsoft did it and warned about it during this month's Patch Tuesday, and pointed out that the vulnerability can be exploited only locally, and by an attacker that has valid logon credentials.