SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch

Intel CPUs have once again been found to be vulnerable to a speculative execution exploit

Advertisement
By Jamshed Avari | Updated: 7 August 2019 17:52 IST
Highlights
  • The flaw was discovered a year ago and has just been publicly disclosed
  • Microsoft released a patch for the vulnerability in July
  • AMD says its CPUs are not affected by this specific flaw
SWAPGS Speculative Execution Vulnerability for Intel CPUs Disclosed, Microsoft Releases Windows 10 Patch

Security vendor Bitdefender has disclosed details of a new speculative execution security vulnerability in Intel CPUs dating back to 2012, which could be used to steal sensitive information including passwords from a computer. The newly discovered issue, named SWAPGS, could also negate all the patches so far released for the infamous Spectre and Meltdown flaws. According to Bitdefender, the issue was first discovered over a year ago, and the company has been working with Intel and other ecosystem stakeholders in order to minimise its impact. Public disclosure was withheld till just now, at the ongoing Black Hat security conference, where Bitdefender has released a detailed whitepaper on its research.

The flaw follows the highly publicised Spectre and Meltdown speculative execution vulnerabilities, as well as other similar flaws that have been discovered since. All Intel CPUs starting with the Ivy Bridge generation, first released in 2012, are particularly affected by these issues due to the fundamental design of their architecture. AMD has released a statement saying that it believes its products are unaffected, though this has not yet been confirmed by third-party research.

Speculative execution refers to a CPU's way of speeding up operations by pre-emptively running instructions that might be needed in the future, in order to make sure that the CPU pipeline is not waiting for data and can successfully utilise all its resources simultaneously rather than waiting for one instruction to complete before its result can be applied to further calculations. Security flaws arise when the CPU is allowed to speculatively execute instructions that require secure data, which should only be accessed when sufficient privileges are granted. Attackers can craft instructions that intercept that data while it is being accessed in this manner.

The SWAPGS instruction is used by Intel CPUs when switching between the secure (kernel mode) and open (user mode). A sophisticated attacker could exploit the way that Windows issues instructions to intercept sensitive data that should have been in the privileged kernel memory space.

Advertisement

In a statement published by The Inquirer, Intel has stated: "Intel, along with industry partners, determined the issue was better addressed at the software level and connected the researchers to Microsoft. It takes the ecosystem working together to collectively keep products and data more secure, and this issue is being coordinated by Microsoft."

Microsoft released a security patch addressing this issue in July 2019 without publicising it, but has now published its own disclosure. This patch is recommended, since previous patches for Spectre and Meltdown, amongst other similar issues, will not protect against SWAPGS.

Advertisement

Red Hat has also published an advisory stating that it does not believe that SWAPGS can be exploited on operating systems based on the Linux kernel, but users can update and reboot their systems just in case.

Bitdefender has published a detailed whitepaper on the SWAPGS vulnerability, in which it states that the AMD CPUs it tested were not affected, and that it doesn't believe that other architectures including ARM will be vulnerable, though there is a possibility that other equivalent exploits might exist.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Poco F7 5G to Be Equipped With a Snapdragon 8s Gen 4 SoC
  2. Realme 15 Series Said to Launch in July; Lite Variant Leaked Online
  3. Oppo Reno 14 5G Series Teased to Launch in India Soon
  4. Samsung Galaxy M36 5G India Launch Date and Key Features Revealed
  5. Samsung Galaxy Z Fold 7, Z Flip 7 Launch Date Leaked Online
  6. Vivo X Fold 5 Dimensions, Charging Capacity Revealed Ahead of Launch
  7. OnePlus Bullets Wireless Z3 With Up to 36 Hours Battery Launched in India
  1. Nothing Phone 3 to Feature New Glyph Matrix LED Interface on the Rear Panel
  2. Capcom Spotlight Livestream Announced for Next Week; Will Feature Updates on Resident Evil: Requiem, Pragmata
  3. OnePlus Gaming Phone With Flagship Features, Shoulder Triggers Said to Be in Development
  4. Honor Magic V5 Set to Launch on July 2, Design Officially Teased
  5. Samsung Galaxy M36 5G India Launch Date Set for June 27; Colours, Key Features Revealed
  6. Realme 15 Series Launch Timeline Leaked; Lite Variant Surfaces Online
  7. Oppo Reno 14 5G Series India Launch Confirmed: Expected Price, Specifications
  8. Google Messages Widely Rolling Out Snooze Notifications and Delete for Everyone Features
  9. OnePlus Bullets Wireless Z3 With 12.4mm Drivers, Up to 36 Hours of Battery Life Launched in India
  10. Microsoft Planning Thousands More Job Cuts Aimed at Salespeople
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.