New Plundervolt Attack Hits Intel Processors. Audit Now!

Intel-SGX-Plundervolt-Attack-Vulnerability

⚡ TL;DR: Go Straight to the Plundervolt Vulnerability Audit Report.

Dubbed Plundervolt and tracked as CVE-2019-11157, the latest Intel attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which can be modified in a controlled way to induce errors in the memory by flipping bits. By 'undervolting' the CPU, Intel's secure enclave technology becomes vulnerable to attack.

The Plundervolt attack targets Intel Software Guard eXtensions (SGX) and resembles more with speculative execution attacks like Foreshadow and Spectre. However, Speculative execution attacks like Foreshadow or Spectre allow reading data from SGX enclave memory while Plundervolt achieves the complementary operation, namely changing values in SGX-protected memory.

Pundervolt was first reported on June 7, 2019, by a group of international researchers from The University of Birmingham, our fellow Belgians at imec-DistriNet, KU Leuven, and the Graz University of Technology.

The security team released a dedicated website with FAQs and a detailed technical paper titled "Plundervolt: Software-based Fault Injection Attacks against Intel SGX".

The following CPU series are vulnerable to attacks:

  • Intel® 6th, 7th, 8th, 9th & 10th Generation CoreTM processors
  • Intel® Xeon® Processor E3 v5 & v6
  • Intel® Xeon® Processor E-2100 & E-2200 families

Microcode and BIOS updates were released as part of Intel's security advisory INTEL-SA-00289.

Run the Plundervolt Vulnerability Audit Report

If you currently have Intel processors deployed in your network, it's pretty critical that you update them at the earliest opportunity to ensure that you don't fall prey to these vulnerabilities.

Our Intel Plundervolt Vulnerability Audit can tell you in no time which devices are affected and need to be patched.

Intel PlunderVolt audit
Intel Plundervolt Audit

If you haven't already, start your free Lansweeper trial to run the Plundervolt Audit Report.

Share

Share on facebook
Share on twitter
Share on linkedin
Share on reddit
Share on email

Try Lansweeper for Free

Learn why Lansweeper is used by thousands of enterprises worldwide.​
FREE WHITE PAPER
Why centralized IT Asset Discovery is more crucial than ever.