Notification

Icon
Error

TLBleed Vulnerability

Posted: Tuesday, June 26, 2018 2:29:32 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,982
1
Like
Dutch researchers found a new vulnerability in Intel processors which have Hyper-threading enabled.

The vulnerability allows the extraction of crypto keys from other programs running on the same processor by exploiting the processor's translation lookaside buffer (TLB). According to all reports, for this vulnerability to be exploited, direct access to the vulnerable system is required. Access through a direct logon or malware. There are currently no reports of this vulnerability having been exploited in the wild.

At this point, Intel has no plans to release a fix for this vulnerability. If you're interested in the full story you can find it here.

To find assets on which this vulnerability could potentially be exploited on, you can run the report below. This report displays all assets which have Intel processors with more logical cores than physical cores (indicating the presence of Hyper-Threading).

You can find a guide on how to add this report to your Lansweeper installation here.

Code:
Select Distinct Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblProcessor.NumberOfCores,
  tblProcessor.NumberOfLogicalProcessors,
  Case
    When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
    Then 'hyperthreading enabled'
    Else 'hyperthreading disabled'
  End As HyperthreadingCheck
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblProcessor On tblAssets.AssetID = tblProcessor.AssetID
Where Case
    When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
    Then 'hyperthreading enabled'
    Else 'hyperthreading disabled'
  End Like '%enabled%' And tblAssetCustom.State = 1 And
  tblProcessor.Manufacturer Like '%Intel%'
Order By tblAssets.Domain,
  tblAssets.AssetName

Active Discussions

Lansweeper Wake on Lan Issues
by  miharix   Go to last post Go to first unread
Last post: Yesterday at 6:23:13 PM(UTC)
Lansweeper Export Ticket List
by  Yassine Dakir  
Go to last post Go to first unread
Last post: Yesterday at 12:29:07 PM(UTC)
Lansweeper AWS scanning appears to only cover 1 account
by  Vincent Pollock   Go to last post Go to first unread
Last post: 2/23/2021 9:26:04 PM(UTC)
Lansweeper TCP 445 to external IP during LS scan?
by  jvogler  
Go to last post Go to first unread
Last post: 2/23/2021 8:02:06 PM(UTC)
Lansweeper Use Wildcard for User Name in Allowed Administrator
by  FP  
Go to last post Go to first unread
Last post: 2/22/2021 10:33:25 PM(UTC)
Lansweeper Helpdesk report for tickets for all on one reason
by  TimHolmes1973   Go to last post Go to first unread
Last post: 2/22/2021 7:22:56 PM(UTC)
Lansweeper Issues Updating
by  FrankSc  
Go to last post Go to first unread
Last post: 2/22/2021 11:06:50 AM(UTC)