Spectre looms again as another exploit leaves Intel CPUs vulnerable

Bill Roberson/Digital Trends

The array of speculative execution exploits that fall under the umbrella of Spectre has added a new variant to worry about. Bitdefender has disclosed a modified version of the Spectre 1 bug known as the SWAPGS vulnerability, which could allow malware to snoop on private memory, potentially revealing all sorts of secrets about a system and its user to hackers. Fortunately, Microsoft and other operating system manufacturers patched this bug long ago, so as long as your install of Windows is up to date, you should be safe and sound.

Like many of the Spectre variants we’ve seen over the last couple of years, SWAPGS affects most x86 or x64 processors released this decade, with Bitdefender claiming, via Forbes, that “all Intel CPUs manufactured between 2012 and today are vulnerable to the SWAPGS exploit.” A Red Hat advisory suggests that AMD CPUs are also vulnerable to this potential attack, but that’s disputed by AMD. It claims that based on internal and external testing, it doesn’t believe AMD hardware is vulnerable to this type of Spectre attack.

Bitdefender concurred, stating that following testing it completed, it hasn’t been able to replicate this attack on AMD CPUs.

“We tested two AMD CPUs: AMD64 Family 16 Model 2 Stepping 3 AuthenticAMD ~3211 Mhz and AMD64 Family 15 Model 6 Stepping 1 AuthenticAMD ~2100 Mhz and neither exhibited speculative behavior for the SWAPGS instruction,” it said in a statement, via BleepingComputer.

[youtube https://www.youtube.com/watch?v=S-m7XVBzusU?feature=oembed&w=100&h=100]

Fortunately, Windows has been fully patched against it, so whatever chip you’re using, Windows users need not fear SWAPGS if they have a fully updated operating system. Bitdefender, Intel, and Microsoft have been working for more than a year to fix this particular exploit, as it is distinct from existing Spectre variants and isn’t affected by any previous fixes for other speculative execution attack vectors.

The Windows patch was released as part of Microsoft’s July 2019 Patch Tuesday security updates. We’re only hearing about it now because of a coordinated disclosure among hardware and software developers to alert the public that the exploit has mostly been mitigated through software changes.

If, for whatever reason, you believe that your system hasn’t been updated, all you need do is run Windows update a few times. You can find it by searching for Windows update in the Windows search bar. Select Windows Update Settings and then select Check for Updates. Alternatively, check out our guide on how to install the latest version of Windows to get you fully up to date and protected.

While this latest exploit isn’t something to get too worried about, it does remind us that speculative execution bugs are here to stay and will continually be found until processor design changes fundamentally at the hardware level. Intel’s Ice Lake introduced a number of hardware fixes, but perhaps it’s time to introduce a secure core to make these sorts of exploits redundant.

Editors’ Recommendations

  • ZombieLoad is Meltdown resurrected. Here’s how to secure your PC right now

  • Amazon Prime Day slashes prices on AMD Ryzen 7 and Intel Core i7 CPU systems

  • Zombieload forces a choice between performance and security. What will you do?

  • NSA warns about Windows exploit, ignores its own role in creation of malware

  • Intel vs. AMD at Computex 2019






Related posts

Latest posts

Qualcomm’s new chip looks like a big upgrade for mid-range phones

Qualcomm's Snapdragon 6 Gen 4 chip could bring a much-needed power boost to midrange phones, improving overall performance and AI functionality.

Windows 10 KB5051974 update adds a new app without asking

Microsoft has released the KB5051974 cumulative update for versions 22H2 and 21H2, adding security fixes and patching a memory leak. However, as reports, the update also includes a surprise: the new Outlook for Windows app. The update is mandatory because it includes the January 2025 Patch Tuesday security updates. Once you install it, you will […]

Google’s Gemini is getting a lot smarter for iPhone users

Google is bringing Gemini's Deep Research function to iPhone, allowing access to in-depth research and comprehensive queries.

The Apple Watch SE and Samsung Galaxy Watch 6 are both on sale

If you’ve been waiting to invest in a smartwatch, today’s your lucky day! For a limited time, both the Apple Watch SE and Samsung Galaxy Watch 6 are on sale.

Nvidia may release the RTX 5070 in March to counter AMD’s RDNA 4 GPUs

It is speculated that the RTX 5070 launch has been moved to March to counter AMD's Radeon RX 9070 series.

A native Android Apple TV app is now in the Google Play store

After originally being released five years ago, a full-functioning Apple TV app has come to Android devices.

OpenAI nixes its o3 model release, will replace it with ‘GPT-5’

OpenAI CEO Sam Altman announced Wednesday that there will be no standalone o3 model release because it's getting rolled into whatever GPT-5 is going to be.

This Asus OLED laptop just dropped below $1,000 at Best Buy

The Asus Vivobook Pro 15 OLED laptop, which features the Intel Core Ultra 9 Series 1 processor and 24GB of RAM, is now on sale from Best Buy for below $1,000.

Framework keeps fans guessing on February launch event product details

Modular computing company, Framework has announced a launch event for second-generation devices and had opened invites to enthusiasts.

Why do health apps fail? Research bursts the hype with clear evidence

According to research published in Nature, a majority of users living with serious health conditions fail to follow fitness guidance given exclusively via apps.