CyberArk: Windows 10 Vulnerable To Rootkits Via Intel's Processor Trace Functionality

Status
Not open for further replies.

shrapnel_indie

Distinguished
Microsoft may have realized that it can’t easily fix this with a simple update, as CyberArk also said. Therefore, it may have postponed the fix until either it creates a more advanced kernel protection architecture in a future version of Windows or until Intel finds a way to stop this type of attack in future chip generations. Until then, Windows 10 will likely continue to be vulnerable to rootkits enabled by malware that has already bypassed Windows Defender or other Windows protections.
Or until this becomes such a huge problem they can't just shove it on the back-burner any longer. (I hope it never does.)
 
G

Guest

Guest
It appears that it is never Microsoft fault...guess what Windows sucks and it did always suck.
 

kinggremlin

Distinguished
Jul 14, 2009
483
9
18,785
0


The way MS described the exploit, it doesn't sound like it would make any sense for them to try and patch. If the attacker has to already have access to the kernal, addressing this vulnerability would be like stressing that your bedroom door doesn't have a secure enough lock on it for preventing robbers from getting in it. If robbers are trying to get into your bedroom, it means they have already gotten into your home which is the much bigger issue that needs to be addressed.
 

plattyaj

Distinguished
Sep 9, 2009
28
0
18,530
0
This is down deep in the kernel, so couldn't somebody do exactly the same on Linux/x86 or OSX. There wasn't enough in the article to explain why this would be specific to Windows, more that it can defeat something that they tried to prevent happening.
 

chicofehr

Distinguished
Jan 29, 2012
532
0
18,990
2
Microsoft and Intel should work together so the current generation can be fixed before its exploited. Maybe a bios update plus software update or something.
 

alextheblue

Distinguished
Apr 3, 2001
2,904
32
20,820
2

Freak is a known anti-MS troll. He regularly "contributes" to any article with the keywords "Microsoft" and/or "Windows" by sharing his errm, "constructive and valuable criticism".


Perhaps they can add a toggle for the feature in the BIOS - preferably defaulting to "off".

 

shiitaki

Distinguished
Aug 20, 2011
43
0
18,540
3
The reason it is Microsoft's fault is the abundant vectors for attack provided by Microsoft in the first place. Why does my Word macro need to have so much power on my computer? Why does my Word processor need admin rights? This is a systemic issue brought about as a result of an ideology to coddle and worship developers, the downside being you have so many ways to violate the system.

To compound this is issue is the design ethos that constantly falls back on requiring people to constantly click 'Okay' buttons while using a computer, most people won't even take the time to read the dialog boxes because they are common to the use of Windows.

The Windows OS is meant to be supported by IT staff, and to that end Microsoft really has nothing for the end user other than being cheap. As far as a the Microsoft store goes, we are supposed to rely on Microsoft who allowed obvious fraudulent applications without any review in their store? That Microsoft app store?

This is bad because in combination with other know exploits, as in the infamous Word macro kind of attack, or even Microsoft's own Windows Defender engine, this is going to be a source of pain for a long time to come. The fact that Word macros have yet to be addressed in over two decades shows how poor Microsoft takes security.

Yes, it is Microsoft's fault, for why this is going to be really bad for millions of users.
 

danger007

Reputable
May 29, 2016
12
0
4,510
0
One simple fix would be Microsoft go back to the beginning of the Windows Code and see how they can bring it up to date, shorten it or even eliminate it. There is despite comments to the contrary, 3.1, xp, vista, 7 and 8 in some of the code. Microsoft has at times dependent upon some of the old code for the new code to work the way it should and has left many lines of old code beneath newer code. I don't think Microsoft will go back to the start and recreate a more modern version of the code that yanks out all the odd and the bloat and create a tight, neat, and reliable code that they look at what hackers have found in the past, what tools used, etc., and bring in some of the biggest known hackers, for a paid fee, to show where there is still openings in the newer rewritten code, but have them work in an enclosed environment so that you can have other hackers verify and then the white hats do a final verification with solution or that code stays in till resolved.

These type of hardware level problems in cpu's could start to be more common. I never thought AMD would ever have a chance to get back even or above Intel in the CPU market. I still won't buy AMD. The problems I had with a graphics card in my laptop precludes me from dropping any money on AMD products. However their return to challenge Intel with a product that sounds like this is what they needed to get back in, could results in CPU's being rushed into production with less Q/A, Validation and other checks to ensure future problems like the HT issue and now this, don't become more rampant. So this could be just the beginning, especially with the speedy release by Intel of 6/8 cores and 12/16 threads.
 
Status
Not open for further replies.

ASK THE COMMUNITY

TRENDING THREADS