Earlier in the year, Google Project Zero (GPZ) security researchers detected dangerous security flaws, Spectre and Meltdown, in the Intel, AMD and ARM chipsets found in almost every PC in the world. All the concerned parties soon released security patches, and the operation is still ongoing as the flaws affect a massive number of brands and several generations of PCs.
Now, Intel, in collaboration with GPZ and Microsoft's Security Response Center (MSRC), has uncovered a new strain of a similar security flaw, dubbed 'Variant 4'.
Like Spectre and Meltdown, the new Variant 4 takes advantage of "speculative execution," a technique used by most modern processors (CPUs) to optimise performance.
For those unaware, the CPU, in its bid to increase performance, predicts which path of a branch is most likely to be taken, and will speculatively continue execution down that path even before the branch is completed. If the prediction was wrong, this speculative execution is rolled back in a way that is intended to be invisible to software.
Spectre and Meltdown exploited this speculative execution process to access privileged memory, including that of the kernel, holding passwords, encryption keys or other sensitive information, from a less-privileged user process such as a malicious app running on a device.
Now, Variant 4 uses 'Speculative Store Bypass', a technique which could allow hackers to read older memory values in a CPU's stack or other memory locations. While implementation is complex, this side-channel vulnerability could allow less privileged code to read arbitrary privileged data and also run older commands speculatively, resulting in cache allocations that could be used to exfiltrate data by standard side-channel methods, the United States Computer Emergency Readiness Team (US-CERT) has warned.
"We've (Intel) already delivered the microcode update for Variant 4 in beta form to OEM system manufacturers and system software vendors, and we expect it will be released into production BIOS and software updates over the coming weeks," Leslie Culbertson, executive VP and GM of product assurance and security, Intel Corporation, said in a statement.
Variant 4 is classified as a medium risk, as most of the ways it uses to exploit security loopholes have been fixed with the software patches for the Spectre and Meltdown threats. Also, there is not a single recorded case of cybercriminals using Variant 4 to hack computers yet.
But the bad news is that the software patch, which will be released in the coming weeks, is most likely to affect performance.
Something similar happened to devices that received security updates to fix Spectre and Meltdown. Some reported performance issues, while some faced random boot loops, rendering their device useless.
Steps to safeguard PCs from Spectre, Meltdown, Variant 4 and other security threats:
- Always keep your PCs updated with the latest firmware. Most software companies, including Microsoft and Apple, usually send software updates weekly or monthly. Always make sure to install them immediately.
- Make sure to use premium antivirus software, which also provides malware protection and Internet security.
- Never ever open emails sent from unknown senders.
- Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
- Disable remote desktop connections. Employ least-privileged accounts. Limit users who can log in using Remote Desktop. Set an account lockout policy. Ensure proper RDP logging and configurations.
- Never ever install plugins (for browsers) and application software on PCs from unfamiliar publishers.
- System administrators in corporate companies should establish a Sender Policy Framework (SPF) for their domain. SPF is an email validation system designed to prevent spam by detecting email spoofing, which is how most ransomware samples successfully reach corporate email boxes.
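
To confirm that the updates from the first step actually took effect on a Linux PC, the kernel's own per-flaw status files can be read. This is an added example, not part of the original article: the function names and the sample status lines are constructed for illustration, and it assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`.

```python
import os
import tempfile

# Patched Linux kernels report one status line per flaw in this directory;
# spec_store_bypass is the entry for Variant 4 (Speculative Store Bypass).
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
FLAWS = ("meltdown", "spectre_v1", "spectre_v2", "spec_store_bypass")

def classify(status):
    """Map a kernel status line to mitigated / vulnerable / unknown."""
    s = status.strip().lower()
    if s.startswith(("not affected", "mitigation")):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"

def audit(base=SYSFS_DIR):
    """Return {flaw: (verdict, raw status line)} for every flaw in FLAWS."""
    report = {}
    for flaw in FLAWS:
        try:
            with open(os.path.join(base, flaw), encoding="utf-8") as fh:
                raw = fh.read().strip()
        except OSError:
            # Assumption: no file means the kernel predates the fix for this
            # flaw (or is not Linux), so the state cannot be confirmed.
            report[flaw] = ("unknown", "no status file")
        else:
            report[flaw] = (classify(raw), raw)
    return report

def demo():
    """Audit constructed sample files (not real output) in a temp directory."""
    samples = {
        "meltdown": "Mitigation: PTI",
        "spectre_v2": "Mitigation: Full generic retpoline",
        "spec_store_bypass": "Vulnerable",  # Variant 4 update not yet installed
        # spectre_v1 left out on purpose to exercise the missing-file path
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, line in samples.items():
            with open(os.path.join(tmp, name), "w", encoding="utf-8") as fh:
                fh.write(line + "\n")
        return audit(tmp)

if __name__ == "__main__":
    for flaw, (verdict, raw) in audit().items():
        print(f"{flaw:18} {verdict:10} {raw}")
```

Any flaw still reported as vulnerable or unknown after updating points to a kernel or microcode update that has not been installed yet.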