Almost all major OS vendors released security patches yesterday after a researcher discovered that some OS makers have misinterpreted an Intel CPU debug feature and left their systems open to attacks.
A report from ZDNet explains that newly-disclosed security flaws connected to the Intel and AMD chips used by Macs and PCs (and Linux machines) are at the root of today’s concern, and these vulnerabilities leave your system open to being hijacked by remote users.
Both 32-bit and 64-bit Intel and AMD machines are affected, although ARM chips appear not to be. PC users have two extra reasons to download updates, as dual critical flaws – currently being exploited in the wild – are patched by this month’s round of Windows updates.
Operating systems that mishandle this debug exception, and so were left open to attack, include macOS, Windows, FreeBSD, Red Hat, Ubuntu, SUSE Linux, and other Linux distros based on the Linux kernel.
As detailed by CERT on Tuesday, the security flaw, labeled CVE-2018-8897, appears to have been caused by developers at Microsoft, Apple, and other organizations misunderstanding the way Intel and AMD processors handle one particular special exception. The vulnerability is in how the OS vendors implemented a hardware debug mechanism for Intel x86-64 architectures, and more specifically the MOV SS and POP SS instructions.
Indeed, CERT noted: “The error appears to be due to developer interpretation of existing documentation.” In other words, programmers misunderstood Intel and AMD’s manuals, which may not have been very clear.
According to Microsoft, there is a flaw in the VBScript engine that allows for remote code execution. Microsoft goes on to confirm that the exploit is pretty nasty, writing:
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Observed attacks have started with a malicious Word document, which, when opened, downloads an exploit written in VBScript that’s hosted on a webpage, according to malware analysts at Kaspersky Lab.
Overall, we expect plenty of OS developers are about to be sent to compulsory reeducation sessions on the x86-64 architecture.