14 DAY TRIAL // The United States Computer Emergency Readiness Team (US-CERT) has issued an advisory which reveals that a number of companies may be impacted by a vulnerability that affects some 64-bit operating systems and virtualization software that relies on Intel CPU hardware.
If successfully leveraged, the security hole could be exploited for local privilege escalation or a guest-to-host virtual machine escape.
“A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker's chosen RSP causing a privilege escalation,” reads US-CERT’s description.
The report also includes the responses from certain affected vendors such as Xen, FreeBSD, Microsoft and Red Hat. The list of the impacted organizations is completed by Intel Corporation, NetBSD, Oracle Corporation and SUSE Linux.
Red Hat has acknowledged that the problem may exist in Enterprise Linux 5 because the Xen hypervisor implementation doesn’t “properly restrict the syscall return addresses in the sysret return path to canonical addresses.”
Microsoft admitted that the vulnerability could be leveraged by an attacker to install programs, create new accounts with complete privileges, and view or alter data.
The Redmond company, however, revels a number of mitigation factors, including the fact that only Intel x64-based versions of Windows 7 and Windows Server 2008 R2 are affected, and systems that utilize ARM-based or AMD processors are not impacted.
Furthermore, an attacker would require a set of valid logon credentials because anonymous or remote users could not exploit the vulnerability.
Companies that are not affected by the issue include, AMD, Apple and VMWare. There are four other suspects, but it’s uncertain at this time if they’re impacted: Debian Linux, Fedora, Gentoo and Hewlett-Packard.