Discover what’s new in Lansweeper – Explore our 2024 Summer Launch! šŸš€ Learn more

TRY NOW
News

New Plundervolt Attack Hits Intel Processors. Audit Now!

2 min. read
11/12/2019
By Nils Macharis
Intel-SGX-Plundervolt-Attack-Vulnerability

āš” TL;DR: Go Straight to the Plundervolt Vulnerability Audit Report.

Dubbed Plundervolt and tracked as CVE-2019-11157, the latest Intel attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which can be modified in a controlled way to induce errors in the memory by flipping bits. By ā€˜undervoltingā€™ the CPU, Intelā€™s secure enclave technology becomes vulnerable to attack.

The Plundervolt attack targets Intel Software Guard eXtensions (SGX) and resembles more with speculative execution attacks like Foreshadow and Spectre. However, Speculative execution attacks like Foreshadow or Spectre allow reading data from SGX enclave memory while Plundervolt achieves the complementary operation, namely changing values in SGX-protected memory.

Pundervolt was first reported on June 7, 2019, by a group of international researchers from The University of Birmingham, our fellow Belgians at imec-DistriNet, KU Leuven, and the Graz University of Technology.

https://twitter.com/LeuvenU/status/1204679990052360194

The security team released a dedicated website with FAQs and a detailed technical paper titled ā€œPlundervolt: Software-based Fault Injection Attacks against Intel SGXā€.

The following CPU series are vulnerable to attacks:

  • IntelĀ® 6th, 7th, 8th, 9th & 10th Generation CoreTM processors
  • IntelĀ® XeonĀ® Processor E3 v5 & v6
  • IntelĀ® XeonĀ® Processor E-2100 & E-2200 families

Microcode and BIOS updates were released as part of Intelā€™s security advisory INTEL-SA-00289.

Run the Plundervolt Vulnerability Audit Report

If you currently have Intel processors deployed in your network, it’s pretty critical that you update them at the earliest opportunity to ensure that you don’t fall prey to these vulnerabilities.

Our Intel Plundervolt Vulnerability Audit can tell you in no time which devices are affected and need to be patched.

menu software anti virus settings
Intel Plundervolt Audit

If you haven’t already, start your free Lansweeper trial to run the Plundervolt Audit Report.

NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.