2018 has been quite a tough year for Intel. And yet, they disclosed three more vulnerabilities in its processors that can be exploited by malware and malicious virtual machines to potentially steal secret information from computer memory. We've created a Foreshadow report to help you find exploits in your network.
Foreshadow is a speculative execution attack on Intel processors which allows an attacker to steal sensitive information stored inside personal computers or third-party clouds. Foreshadow has two versions, the original attack designed to extract data from SGX enclaves and a Next-Generation version which affects Virtual Machines (VMs), hypervisors (VMM), operating system (OS) kernel memory, and System Management Mode (SMM) memory.
At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative execution attacks such as Meltdown and Spectre, Foreshadow demonstrates how speculative execution can be exploited for reading the contents of SGX-protected memory as well as extracting the machine's private attestation key.
Following the discovery of Foreshadow (CVE-2018-3615), Intel identified two closely related variants, potentially affecting additional microprocessors, SMM code, Operating system, and Hypervisor software. We collectively refer to these Intel-discovered variants as Foreshadow-NG (Next Generation, CVE-2018-3620, and CVE-2018-3646), whereas Intel refers to this entire class of speculative execution side channel vulnerabilities as "L1 Terminal Fault" (L1TF). More information on L1TF can be found here.
Lansweeper can tell you in no time which devices are vulnerable to Foreshadow and need to be patched. Instructions on how to find affected devices can be found in this step-by-step guide.