Welcome to WebmasterWorld Guest from 23.22.182.29

Forum Moderators: open

Message Too Old, No Replies

Exploit Code Targeting Intel Chip Flaw to Be Published Today

     
6:09 pm on Mar 19, 2009 (gmt 0)

Administrator

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 8, 2003
posts:3783
votes: 2


Uh Oh, Exploit code targeting major Intel chip flaw to be posted 3/19/09 [networkworld.com]

The heart-stopping thing about this particular exploit is that it hides itself in the SMM space. To put that into perspective, SMM is more privileged than a hypervisor is and it's not controllable by any Operating System. By design, the operating system cannot override or disable System Management Interupt (SMI) calls. In practice, the only way for you to know what is running in SMM space is to physically disassemble the firmware of your computer. So, given that an SMI takes precedence over any OS call, the OS cannot control or read SMM, and the only way to read SMM is to disassemble the system makes an SMM rootkit incredibly stealthy!
11:20 pm on Mar 19, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


I'm not worried - I have an AMD64 in my primary machine.

There is paranoia here, it may provide new methods of attack but the code still has to reside in a file and it can, in theory, be detected there by anti-virus software.

Also, it sounds like it should be possible to disable this attack vector by disabling caching (but that would hit performance). However, this is not supported by every bios.

Kaled.