What you need to know
- A vulnerability could allow attackers to access information stored in a system's protected kernel memory.
- All Windows PCs with an Intel processor built after 2012 are affected.
- A security patch is available to address the problem and has already rolled out through July's Patch Tuesday.
A newly found vulnerability puts all Windows PCs with an Intel processor built after 2012 at risk (via ZDNet). The side-channel attack can bypass protections that were put in place to protect devices from the Spectre and Meltdown exploits. A bug fix to the issue rolled out as part of July Patch Tuesday. Devices that have delayed the update or that are unsupported are still at risk.
The bug exploits SWAPGS, and as a result has gained the name SWAPGSAttack. If an attacker successfully utilized SWAPGSAttack, they could monitor and steal sensitive information without being noticed or leaving a trace. Bitdefender has a post explaining the vulnerability and has published a whitepaper on it. The post explains how an attack taking advantage of this vulnerability is unique.
The attack is a novel approach of leaking sensitive information from the kernel since it bypasses all known side-channel attack mitigation techniques. This is achieved by abusing the fact that SWAPGS instruction can be executed speculatively. An attacker can force arbitrary memory dereferences in kernel, which leaves traces within the data caches. These signals can be picked-up by the attacker to infer the value located at the given kernel address.
Bogdan Botezatu, director of threat research at Bitdefender, explained in a statement to ZDNet how the vulnerability could be used by an attacker to get sensitive data, including passwords.
It'll go through all of the alphabet letters up until it can infer what your password is. So I can infer information about your password by querying things. I can infer information about encryption keys you have on the device, I can infer information about everything that goes into that cache.
This type of attack is slower than some methods but can be used in situations in which an attacker has a long time.
BitDefender discovered the vulnerability and revealed it at a Black Hat session recently. Black Hat worked with Intel, Microsoft, and others to create the fix that rolled out as part of Patch Tuesday in July.
Portable (and affordable) power accessories we love
Each and every one of these charging gadgets will keep your favorite gear and gadgets going for longer, and none of them costs more than $30.
VisionTek 8,000 mAh micro-USB power bank ($13 at Dell)
This compact dual-output powerbank can speedily recharge any and all your devices, thanks to a two-amp "fast charge feature," using its micro-USB out port. Its simple design includes an LED indicator, and it costs about as much as a single ticket to the movies.
Panasonic eneloop AA batteries (From $13 at Dell)
Panasonic's rechargeable batteries are among the best available, and just a couple of them will keep your favorite remote, mice or other peripherals powered up when you need them. They're also eco. And the company's affordable charger fits and charges both AA and AAA batteries at the same time.
Belkin Qi Wireless Charging Pad ($30 at Dell)
This unobtrusive Qi wireless charging pad looks good (and kind of like a UFO …) and easily charges all your Qi-compatible device up to 5W. Its LED indicator lights up when you're charging. And it costs just $30.
We may earn a commission for purchases using our links. Learn more.
Update 6: Microsoft wants all of TikTok, but Trump's order may interfere
The Financial Times reports that as part of negotiations, Microsoft is now inquiring whether it can buy all of TikTok, instead of just the business in the US., Canada, Australia, and New Zealand. This new plan would include India and Europe (and excluding China).
Surface Duo and double Dans take over this week's Android Central podcast
Need even more Surface Duo in your life? Check out the latest Android Central podcast, in which Daniel Rubino and Daniel Bader (double the Dans!) discuss Surface Duo, Microsoft's Samsung love affair, and Project xCloud.
This is the best Windows 10 tablet you can buy right now
There are many Windows 10 tablets on the market, but it's hard to sort through the rubbish. Here's our picks for the best Windows 10 tablets you can buy right now. At the top of our list is the Surface Pro X, which we think is the best due to its ARM processor, large display, and thin form factor while still packing good battery life and excellent performance.
Secure your business with these Dell tools
Are you an IT professional or business owner that wants to heighten security? Dell Technologies has the products you need to keep your files, hardware, and more, as secure as possible.