Notification

Icon
Error

TLBleed Vulnerability

Posted: Tuesday, June 26, 2018 2:29:32 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,565
1
Like
Dutch researchers found a new vulnerability in Intel processors which have Hyper-threading enabled.

The vulnerability allows the extraction of crypto keys from other programs running on the same processor by exploiting the processor's translation lookaside buffer (TLB). According to all reports, for this vulnerability to be exploited, direct access to the vulnerable system is required. Access through a direct logon or malware. There are currently no reports of this vulnerability having been exploited in the wild.

At this point, Intel has no plans to release a fix for this vulnerability. If you're interested in the full story you can find it here.

To find assets on which this vulnerability could potentially be exploited on, you can run the report below. This report displays all assets which have Intel processors with more logical cores than physical cores (indicating the presence of Hyper-Threading).

You can find a guide on how to add this report to your Lansweeper installation here.

Code:
Select Distinct Top 1000000 tsysOS.Image As icon,
  tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssets.Username,
  tblAssets.Userdomain,
  tblAssets.IPAddress,
  tblAssets.Firstseen,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblProcessor.NumberOfCores,
  tblProcessor.NumberOfLogicalProcessors,
  Case
    When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
    Then 'hyperthreading enabled'
    Else 'hyperthreading disabled'
  End As HyperthreadingCheck
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Inner Join tblProcessor On tblAssets.AssetID = tblProcessor.AssetID
Where Case
    When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
    Then 'hyperthreading enabled'
    Else 'hyperthreading disabled'
  End Like '%enabled%' And tblAssetCustom.State = 1 And
  tblProcessor.Manufacturer Like '%Intel%'
Order By tblAssets.Domain,
  tblAssets.AssetName

Active Discussions

Lansweeper NEW TAB
by  TinyTunerz   Go to last post Go to first unread
Last post: Today at 1:39:19 PM(UTC)
Lansweeper Force SNMP?
by  JacobH  
Go to last post Go to first unread
Last post: Today at 1:11:46 PM(UTC)
Lansweeper LSAgent has forgotten x64 Windows applications
by  thoughtmonkey   Go to last post Go to first unread
Last post: Today at 8:06:40 AM(UTC)
Lansweeper Lsremote "No supported authentication methods!"
by  Duiker  
Go to last post Go to first unread
Last post: Today at 7:52:24 AM(UTC)
Lansweeper Scan Uptime.
by  TimAlex   Go to last post Go to first unread
Last post: Today at 7:32:41 AM(UTC)
Lansweeper Performance scanning - incorrect values
by  Richard_Lan  
Go to last post Go to first unread
Last post: Yesterday at 4:26:02 PM(UTC)
Lansweeper Windows firewall rules
by  pryan67   Go to last post Go to first unread
Last post: Yesterday at 2:56:52 PM(UTC)
Lansweeper Run outside of our domain?
by  pryan67  
Go to last post Go to first unread
Last post: Yesterday at 2:53:05 PM(UTC)