Intel last week released six advisories covering a range of products, the most interesting of which is a flaw discovered in the company’s Software Guard Extensions (SGX) built into all Intel processors since the company’s sixth-generation Skylake processors in 2015.
Discovered by independent researcher SaifAllah benMassaoud, the latest SGX vulnerability (CVE-2018-18098) is a weakness in the software layer that enables SGX hardware that could allow what Intel euphemistically describes as “escalation of privilege or information disclosure.”
SGX makes possible ‘secure enclaves’ that can be used for a variety of purposes, including Digital Rights Management (DRM). Essentially, an application can put whatever data it is working on into one of these so that no other application can access, compromise or copy it.
Intel offers few details as to how this flaw affects that integrity. However, benMassaoud told The Register that a simple batch script sent via email could be used to launch an attack exploiting the flaw:
Once the file is opened by the victim who uses the affected software, it will automatically download and execute a malicious code from attacker’s server to the vulnerable setup version of Intel SGX SDK and Platform Software on the victim’s machine.
There’s also a video that demonstrates the proof of concept.
This is the third issue found in SGX in less than a year, the most notable examples of which were the Foreshadow flaws that came to light last August.
That was more serious because it resulted from the way SGX is implemented in hardware rather than software but for admins it’s still a new to-do sticky note.
The thing about technologies such as SGX from a patching point of view is that it is a software layer not everyone realises they have. Intel’s advisory lists the affected products as being:
- Intel® SGX SDK for Windows before 2.2.100
- Intel® SGX SDK for Linux before 2.4.100
- Intel® SGX Platform Software for Windows before version 2.2.100
- Intel® SGX Platform Software for Linux before version 2.4.100
That means that patching the flaw is something for developer- and system-makers rather than end users.
What to do?
If your computer dates from after 2015 and contains a Skylake processor (AMD and others not being affected), your system maker should issue an update in time. Admins can download the recommended patches through a patching system or direct with an Intel account.
But don’t forget to check Intel’s Security Center just in case there any new advisories that might need attention.