Foreshadowing disaster:

Ways to protect a PC from Foreshadow flaws

It looks like Intel processors are having a tough 2018 and the spate of misfortune and vulnerabilities isn’t going to end soon. Foreshadow, also dubbed L1 Terminal Fault, is an ongoing issue with a chip design feature called speculative execution that can potentially affect millions of Intel chips and can be used by malware to steal sensitive data.

Foreshadow lets malicious software break into secure areas that even the previous Spectre and Meltdown bugs couldn’t crack. Here is a deeper look into the problem, along with smart ways to keep safe from Intel Foreshadow attacks.

What is Foreshadow?

Foreshadow is a weakness that affects Intel’s Software Guard Extensions (SGX), a feature built into chips since 2015 that allows programs to create secure enclaves that cannot be accessed even by other programs on the computer. In short, SGX was designed to protect code from being modified or disclosed.

In theory, the secure enclave stays safe and untouched even if there’s malware on the computer. With this weakness, however, a hacker could create a program that exploits the vulnerability to read data in the CPU that was thought to be secure even if the main system was compromised. Suddenly there’s the danger that the data in a secure enclave could still be copied elsewhere and then accessed.

There are two related attacks involved, including one called “Foreshadow Next Generation” or simply Foreshadow-NG. They permit access to information in System Management Mode (SMM) or a virtual machine hypervisor.

According to Intel, Foreshadow was first documented by two sets of researchers back in January 2018. The vulnerability has been called CVE-2018-3615. Further variants extended the weakness to new SGX-enabled chips running hypervisors and have been dubbed CVE-2018-3620 and CVE-2018-3646.

The famed chip company discovered Foreshadow only days after the world got wind of the Spectre and Meltdown mega-flaws. Foreshadow is the latest and probably most notable example of the so-called Spectre-NG flaw.

How does the flaw work?

These weaknesses harness flaws in speculative execution. To save time, modern processors guess which code might run next and execute it preemptively. If a program then attempts to run that code, the work has already been done and the processor knows what the results are. If the program doesn’t, the processor can ditch the results.

This speculative execution, though, leaves behind some information. Here’s an example. Based on the time it takes for a speculative execution process to perform specific requests, programs are able to infer the data in an area of memory, even without access to that area. Because malicious programs can abuse these methods to read protected memory, they could access data stored in the L1 cache – the low-level memory on the CPU that stores secure cryptographic keys.

Attackers just need to run code on the computer to exploit Foreshadow. No special permissions are required: it could simply be software operating in a virtual machine or a standard user program without low-level system access.

A list of affected CPUs

Users who bought an Intel system after late 2015 face a high likelihood that it contains an affected CPU. Note that users of chips from AMD and other vendors not using SGX don’t need to be concerned with keeping safe from Intel Foreshadow attacks.

  • Intel Xeon Processor D (1500, 2100)
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor E7 v1/v2/v3/v4 Family
  • Intel Xeon Processor E5 v1/v2/v3/v4 Family
  • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Core X-series Processor Family for Intel X99 and X299 platforms
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core i3/i5/i7/M processor (45nm and 32nm)

Intel said that systems that have already applied the firmware updates made available earlier this year, along with applicable OS updates, should already be shielded from Foreshadow. Things, however, might be more complicated in data centers that run hypervisors prone to Foreshadow-NG attacks.

With Intel’s apparent long-term solution of designing the weaknesses out of its future CPUs, it might take time to restore normalcy on this side of the chip trade.

How to protect your Windows computer now

Here are simple yet radically effective ways to get protected today:

  1. Update your BIOS. Keep your laptop or desktop up to date by installing the latest BIOS updates from the manufacturer of the laptop or motherboard (for a PC). Usually, this involves CPU microcode updates.
  2. Update Windows. Don’t be content with microcode updates alone, as they work alongside the OS updates to protect against malware that could take advantage of Foreshadow. Microsoft’s official security advisory assured that most Windows PCs need only OS updates in order to protect themselves from the Foreshadow flaw. Run Windows Update to install the latest patches.
  3. Run anti-malware software. Maintain up-to-date protection on your desktop or laptop, which can help detect and stop malware in its tracks before Windows or the processor’s security safeguards are even activated. Auslogics Anti-Malware offers top-notch protection against malware and data safety threats, detecting malicious items not previously suspected to exist, flexibly scheduling automatic scans, and doubling protection by catching items your antivirus may miss.
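
One way to confirm that steps 1 and 2 actually took effect, as an added example that is not part of the original article: it relies on Microsoft's SpeculationControl PowerShell module and its Get-SpeculationControlSettings cmdlet. The function name Test-L1tfProtection and the wording of the findings are this example's own.

```powershell
# Added example. Requires Microsoft's SpeculationControl module:
#   Install-Module -Name SpeculationControl -Scope CurrentUser
function Test-L1tfProtection {
    if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
        throw 'Install the module first: Install-Module SpeculationControl -Scope CurrentUser'
    }
    Import-Module SpeculationControl

    # The cmdlet prints its own report and also returns an object with the raw flags.
    $s = Get-SpeculationControlSettings
    if ($null -eq $s.PSObject.Properties['L1TFHardwareVulnerable']) {
        throw 'This SpeculationControl version predates the L1TF checks; run Update-Module SpeculationControl.'
    }

    $findings = @()
    if (-not $s.L1TFHardwareVulnerable) {
        $findings += 'CPU reports it is not vulnerable to L1 Terminal Fault.'
    } else {
        # Step 2 (Windows Update): the OS-side mitigation must be installed and enabled.
        if (-not $s.L1TFWindowsSupportPresent) {
            $findings += 'Step 2 pending: the Windows update carrying the L1TF mitigation is not installed.'
        } elseif (-not $s.L1TFWindowsSupportEnabled) {
            $findings += 'The Windows L1TF mitigation is installed but not enabled.'
        }
        # Step 1 (BIOS/microcode): updated microcode exposes the L1D flush that
        # hypervisors rely on against Foreshadow-NG (CVE-2018-3646).
        if (-not $s.L1DFlushSupported) {
            $findings += 'Step 1 pending: microcode does not expose L1D flush; check for a BIOS update.'
        }
        if ($findings.Count -eq 0) {
            $findings += 'OS mitigation is enabled and L1D flush is available.'
        }
    }

    # BIOS details help match the installed firmware against the vendor's latest release.
    $bios = Get-CimInstance -ClassName Win32_BIOS
    [pscustomobject]@{
        HardwareVulnerable = [bool]$s.L1TFHardwareVulnerable
        OsSupportPresent   = [bool]$s.L1TFWindowsSupportPresent
        OsSupportEnabled   = [bool]$s.L1TFWindowsSupportEnabled
        L1DFlushSupported  = [bool]$s.L1DFlushSupported
        BiosVersion        = $bios.SMBIOSBIOSVersion
        BiosReleaseDate    = $bios.ReleaseDate
        Findings           = $findings
    }
}

Test-L1tfProtection | Format-List
```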


These flaws may be proof-of-concept right now, but it’s best to think up and execute ways to protect a PC from Foreshadow flaws early on while future Intel CPUs are getting armed with hardware improvements for every user’s peace of mind.