March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Thanos Ransomware Auto-spreading to Windows Devices, Evading Security
June 11, 2020Rewterz Threat Advisory – SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol
June 11, 2020Rewterz Threat Alert – Thanos Ransomware Auto-spreading to Windows Devices, Evading Security
June 11, 2020Rewterz Threat Advisory – SMBleed: A New Critical Vulnerability Affects Windows SMB Protocol
June 11, 2020
Severity
Medium
Analysis Summary
Cybersecurity researchers have discovered two distinct attacks that could be exploited against modern Intel processors to leak sensitive information from the CPU’s trusted execution environments (TEE). Called SGAxe, the first of the flaws is an evolution of the previously uncovered CacheOut attack (CVE-2020-0549) earlier this year that allows an attacker to retrieve the contents from the CPU’s L1 Cache. The second line of attack, dubbed CrossTalk by researchers from the VU University Amsterdam, enables attacker-controlled code executing on one CPU core to target SGX enclaves running on a completely different core, and determine the enclave’s private keys. The exploit results in a transient execution attack that can recover SGX cryptographic keys from a fully updated Intel machine, which is trusted by Intel’s attestation server.
In response to the findings, Intel addressed the flaw in a microcode update distributed to software vendors yesterday after a prolonged 21-month disclosure period due to the difficulty in implementing a fix.
Impact
- Information Disclosure
- Code Execution
- Unauthorized access
Affected Vendors
Intel
Affected Products
Intel CPUs released from 2015 to 2019
Xeon E3 and E CPUs
Remediation
The company has recommended users of affected processors to update to the latest version of the firmware provided by system manufacturers to address the issue.