Notification

Icon
Error

Intel Foreshadow Vulnerability

Posted: Monday, August 20, 2018 1:54:28 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,310
11
Like
Researchers have identified new vulnerabilities in many Intel processors called Foreshadow or L1TF (L1 Terminal Fault). This vulnerability consists of 3 major vulnerabilities:
  • CVE-2018-3615: Vulnerability in the Intel software guard extension (SGX).
  • CVE-2018-3620: L1 data cache vulnerability on the operating system and system management mode level.
  • CVE-2018-3646: L1 data cache vulnerability on the virtual machine manager.
This vulnerability allows attackers to read data in shared resource environments like cloud and virtual environments from the processor's L1 data cache. You can find the full technical details in the Microsoft analysis on the Intel website and the researcher's website.

All assets shown in the report below are potentially vulnerable to CVE-2018-3620 and CVE-2018-3646. Additionally the report displays if the asset is vulnerable to CVE-2018-3615 (GSX) or not. The report cross-references assets in your network with Intel's list of vulnerable processors.

Once you've identified possible vulnerabilities, we recommend following the following mitigation guides depending on your assets:
You can find a guide on how to add this report to your Lansweeper installation here.
Code:
Select Distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblAssets.Processor As CPU,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  Case
    When (tblAssets.Processor Like '%E5-%' And (tblAssets.Processor Like '%v5%'
      Or tblAssets.Processor Like '%v6%')) Or
      ((tblAssets.Processor Like '%I3-6%' Or tblAssets.Processor Like '%I3-7%'
      Or tblAssets.Processor Like '%I3-8%') Or
      (tblAssets.Processor Like '%I5-6%' Or tblAssets.Processor Like '%I5-7%' Or
      tblAssets.Processor Like '%I5-8%') Or (tblAssets.Processor Like '%I7-6%'
      Or tblAssets.Processor Like '%I7-7%' Or tblAssets.Processor Like '%I7-8%')
      Or (tblAssets.Processor Like '%I9-6%' Or tblAssets.Processor Like '%I9-7%'
      Or tblAssets.Processor Like '%I9-8%')) Then 'Yes'
    Else 'No'
  End As [Potentially Vulnerable to SGX],
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Where ((tblAssets.Processor Like '%I3-%' Or tblAssets.Processor Like '%I5-%' Or
      tblAssets.Processor Like '%I7-%' Or tblAssets.Processor Like '%I9-%') Or
    ((tblAssets.Processor Like '%34__%' Or tblAssets.Processor Like '%36__%' Or
        tblAssets.Processor Like '%55__%' Or tblAssets.Processor Like '%56__%'
        Or tblAssets.Processor Like '%65__%' Or tblAssets.Processor Like
        '%75__%' Or tblAssets.Processor Like '%E3-%' Or
        tblAssets.Processor Like '%E5-%' Or tblAssets.Processor Like '%E7-%' Or
        tblAssets.Processor Like '%D-21%' Or tblAssets.Processor Like '%D-15%')
      And tblAssets.Processor Like '%Xeon%') Or ((tblAssets.Processor Like
        '%Bronze%' Or tblAssets.Processor Like '%Silver%' Or
        tblAssets.Processor Like '%Gold%' Or tblAssets.Processor Like
        '%Platinum%'))) And tblAssetCustom.State = 1
Order By tblAssets.Domain,
  tblAssets.AssetName

Active Discussions

Lansweeper Mozilla Firefox Remote Execution Vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: 10/5/2018 12:33:36 PM(UTC)
Lansweeper Lansweeper 7 Released
by  Esben.D  
Go to last post Go to first unread
Last post: 9/19/2018 1:33:10 PM(UTC)
Lansweeper MEGA Chrome Extension Vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: 9/6/2018 1:25:43 PM(UTC)
Lansweeper Intel Foreshadow Vulnerability
by  Esben.D  
Go to last post Go to first unread
Last post: 8/20/2018 1:54:28 PM(UTC)
Lansweeper 2018 Sysadmin Day Giveaway
by  Esben.D   Go to last post Go to first unread
Last post: 8/3/2018 9:37:51 AM(UTC)
Lansweeper Our New Website is Live!
by  Esben.D  
Go to last post Go to first unread
Last post: 7/4/2018 2:08:16 PM(UTC)
Lansweeper TLBleed Vulnerability
by  Esben.D   Go to last post Go to first unread
Last post: 6/26/2018 2:29:32 PM(UTC)
Lansweeper Google Chrome Arbitrary Code Execution Vulnerability
by  Esben.D  
Go to last post Go to first unread
Last post: 5/31/2018 3:35:48 PM(UTC)