A Hardware Vulnerability That's the Worst of the Worst


A vulnerability in the Intel CPU chipset could allow hackers the ability to launch a System Management Mode (SMM) attack by way of CPU caching. The attack would allow privileged escalation from ring 0 to SMM. To put this in persepective, the kernel runs in ring 0 along with some hypervisors. The OS cannot even interrupt or override SMM.


This is a very uncommon vulnerability and requires a fairly sophisticated attacker to be able to pull off the exploit. Intel was made aware of this problem back in 2005 by its own employees, yet did nothing to patch the vulnerability. Two Polish researchers made Intel aware of the vulnerability again in 2008 yet did nothing to patch it. If an attacker were to write a root-kit and put it in the SMM, it would be undetectable and difficult to remove.


A research paper and code example will be released today outlining the vulnerability and how the SMM can be exploited. We have to ask, are we better off publishing the vulnerability or keeping it a secret?


If they publish it, it might force Intel to finally patch it. However, why publish it? Let's not just give it to the bad guys -- make them figure it out themselves. This should give Intel enough time to figure out a fix.


In my opinion, this needs to be fixed sooner or later. Intel has been using security through obscurity and so far it has worked. After tomorrow, it will be a whole new ball game.