US-CERT discloses security flaw in Intel chips

The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems, security experts say.

The flaw was disclosed the vulnerability in a security advisory released this week. Hackers could exploit the flaw to execute malicious code with kernel privileges, said a report in the Bitdefender blog.

"Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack," the US-CERT advisory says. "The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape."

Intel did not respond to a request for comment.

Operating systems exposed to the vulnerability include Windows 7, Windows Server 2008 R2, 64-bit versions of FreeBSD and NetBSD, as well as systems that include the Xen hypervisor, Bitdefender said Friday. "While 32-bit operating systems are safe, Intel CPUs that use the Intel 64 extension need the security patches released by Microsoft in their MS12-042 security bulletin."

The flaw stems from the way the CPUs implement error handling in their version of the SYSRET instruction, which is part of the x86-64 standard defined by Advanced Micro Devices, according to the Xen community blog. "If an operating system is written according to AMD's spec, but run on Intel hardware, the difference in implementation can be exploited by an attacker to write to arbitrary addresses in the operating system's memory."

AMD processors are not affected, as well as VMware's virtualization software, which doesn't use the SYSRET instruction, Bitdefender said.

Besides Microsoft and Intel, vendors whose products are affected include Joyent, Citrix, Oracle, Red Hat and SUSE Linux, US-CERT says.

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

• Tweet