
Mitigation Updates Released by Microsoft for L1 Terminal Fault which lets Hackers Remotely Access Privileged Data

Microsoft has released numerous advisories since the beginning of the year to address the speculative execution side channel hardware vulnerabilities in Intel’s Core and Xeon processors, namely Spectre and Meltdown. Microsoft has now released another advisory for a speculative side channel vulnerability: the L1 Terminal Fault (L1TF).

According to the advisory released, this L1 Terminal Fault has been assigned three CVE identifiers. The first, CVE-2018-3615, refers to the L1TF vulnerability in the Intel Software Guard Extensions (SGX). The second, CVE-2018-3620, refers to the L1TF vulnerability in the Operating System and System Management Mode (SMM). The third, CVE-2018-3646, refers to the L1TF vulnerability in the Virtual Machine Manager (VMM).

The primary risk associated with these vulnerabilities is that, if the side channels are exploited through the L1TF vulnerability, private data may become accessible to malicious hackers remotely and virtually. However, such an exploit requires that the attacker first get his or her hands on the device in question in order to grant permissions for the execution of code on it.

To mitigate the consequences of this vulnerability along with several other similar exploit possibilities, Microsoft has released a good number of updates that target the loopholes and chains through which attackers can manage to gain such access. Windows users are urged to keep their devices up to date with the latest updates and apply all patches, protections, and firmware updates as released.

For enterprise systems that run the Microsoft Windows OS, administrators are advised to survey their networks for the usage of risky platforms and the level of their integration in the company’s common use. They are then advised to log Virtualization Based Security (VBS) usage on their networks, targeting the particular clients in use to collect data on impact. After analyzing the level of threat, administrators should apply the relevant patches to the at-risk clients in their IT infrastructures.
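
One way to collect the VBS data described above, as an added example that is not Microsoft's code or part of the original article. It assumes CIM remoting is allowed to the target hosts; the host names and the output file name are constructed placeholders.

```powershell
# Added example: record the Virtualization Based Security (VBS) state of each host.
# Constructed placeholder host list; replace with your own inventory source.
$ComputerNames = @('HOST-A.example.test', 'HOST-B.example.test')

# Documented values of Win32_DeviceGuard.VirtualizationBasedSecurityStatus
$VbsStatusText = @{
    0 = 'Not enabled'
    1 = 'Enabled, not running'
    2 = 'Enabled and running'
}

function Get-VbsInventory {
    param([string[]]$ComputerName)

    foreach ($name in $ComputerName) {
        try {
            # Device Guard CIM class that exposes the VBS state
            $dg = Get-CimInstance -ComputerName $name `
                -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                -ClassName 'Win32_DeviceGuard' -ErrorAction Stop
            # Processor details show whether the host is an Intel platform
            $cpu = Get-CimInstance -ComputerName $name -ClassName 'Win32_Processor' -ErrorAction Stop |
                Select-Object -First 1

            [pscustomobject]@{
                ComputerName = $name
                CpuVendor    = $cpu.Manufacturer
                CpuName      = $cpu.Name
                VbsStatus    = $VbsStatusText[[int]$dg.VirtualizationBasedSecurityStatus]
                Error        = $null
            }
        }
        catch {
            # Keep unreachable or unsupported hosts in the report so coverage gaps stay visible
            [pscustomobject]@{
                ComputerName = $name; CpuVendor = $null; CpuName = $null
                VbsStatus    = 'Unknown'; Error = $_.Exception.Message
            }
        }
    }
}

Get-VbsInventory -ComputerName $ComputerNames |
    Sort-Object VbsStatus, ComputerName |
    Export-Csv -Path .\vbs-inventory.csv -NoTypeInformation
```

The resulting CSV gives a per-host view of which Intel clients run VBS, which is the data the analysis and patch prioritization steps above depend on.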

