The SWAPGS Attack vulnerability circumvents the protective measures that have been put in place in response to earlier attacks such as Spectre and Meltdown. Still, there is good news: Microsoft has already released Windows patches.
Identified as CVE-2019-1125, the vulnerability could allow unprivileged local attackers to access sensitive information stored in the operating system privileged kernel memory, including passwords, tokens, and encryption keys, that would otherwise be inaccessible.
The new attack takes advantage of SWAPGS, a system instruction that is used by the operating system to switch between two Model Specific Registers. The SWAPGS attack is, in effect, a variant of the Spectre V1 attack.
Microsoft Secretly Fixes Vulnerability in July Patch Tuesday Update
Users are advised to update Windows in order to mitigate against this new CPU "SWAPGS attack" risk. Microsoft silently issued patches for the new speculative execution vulnerability in its July 2019 Patch Tuesday security update. The Windows security update fixes the vulnerability through software changes that mitigate how a CPU speculatively accesses memory. Microsoft further stated that it is not required to install a microcode update to resolve this vulnerability.
Run the SWAPGS Audit Report to Find Affected Machines
We've created a SWAPGS vulnerability audit report which checks if the assets in your network are on the latest update. It's color-coded to give you an easy and quick overview which assets are already on the latest update, and which ones still need to be patched.
If you haven't already, start your free trial of Lansweeper to run the SWAPGS Vulnerability Audit Report. Make sure to subscribe via the form below if you want to receive the latest Vulnerability Updates.