How to protect a Windows computer from Intel Foreshadow Flaws?

By Katrina Pascual | October 11, 2018 |

greater than 4 minutes

Foreshadowing disaster:

Ways to protect a PC from Foreshadow flaws

It looks like Intel processors are having a tough 2018 and the spate of misfortune and vulnerabilities isn’t going to end soon. Foreshadow, also dubbed L1 Terminal Fault, is an ongoing issue with a chip design feature called speculative execution that can potentially affect millions of Intel chips and can be used by malware to steal sensitive data.

Foreshadow lets malicious software break into secure areas that even the previous Spectre and Meltdown bugs couldn’t crack. Here are a deeper look into the problem and smart ways on how to keep safe from Intel Foreshadow attacks.

What is Foreshadow?

Foreshadow is a weakness that attacks the Software Guard Extensions (SGX) feature of Intel, built into chips since 2015 to allow programs to create secure enclaves that cannot be accessed even by other programs on the computer. In short, SGX was designed to protect code from being modified or disclosed.

In theory, the secure enclave is safe and untouched even if there’s malware on the computer. But in this weakness, a hacker could create a program exploiting the vulnerability to read data that was thought to be secure in the CPU even if the main system was compromised. Suddenly there’s the danger that the data in a secure enclave could still be copied elsewhere and then accessed.

There are two related attacks involved, including one called “Foreshadow Next Generation” or simply Foreshadow-NG. They permit access to information in System Management Mode (SMM) or a virtual machine hypervisor.

According to Intel, Foreshadow was first documented by two sets of researchers back in January 2018. The vulnerability has been called CVE-2018-3615. Further variants extended the weakness to new SGX-enabled chips running hypervisors and have been dubbed CVE-2018-3620 and CVE-2018-3646.

The famed chip company discovered Foreshadow only days after the world got wind of the Spectre and Meltdown mega-flaws. Foreshadow is the latest and probably most notable example of the so-called Spectre-NG flaw.

How the flaw works?

These weaknesses harness flaws in speculative execution. In modern processors, the code that might run next is guessed and executed preemptively in order to save time. Once a program attempts to run the code, it’s been done and the processor knows what the results are. If it doesn’t do so, the processor can ditch the results.

This speculative execution, though, leaves behind some information. Here’s an example. Based on the time it takes for a speculative execution process to perform specific requests, programs are able to infer the data in an area of memory, even without access to that area. Malicious programs could access data stored in the L1 cache – the low-level memory on the CPU that stores secure cryptographic keys – since they can abuse these methods to read protected memory.

Attackers just need to run code on the computer to exploit Foreshadow. No special permissions are required: it could simply be software operating in a virtual machine or a standard user program without low-level system access.

A list of affected CPUs

Users who bought an Intel system after late 2015 face a high likelihood that it contains an affected CPU. Note that AMD and other vendors not using SGX don’t need to be concerned with how to keep safe from Intel foreshadow attacks.

If you cannot resolve the
problem yourself, you can
ask our certified PC technicians for immediate assistance in the chat right on this page.
  • Intel Xeon Processor D (1500, 2100)
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor E7 v1/v2/v3/v4 Family
  • Intel Xeon Processor E5 v1/v2/v3/v4 Family
  • Intel Xeon Processor E3 v1/v2/v3/v4/v5/v6 Family
  • Intel Xeon processor 3400/3600/5500/5600/6500/7500 series
  • Intel Core X-series Processor Family for Intel X99 and X299 platforms
  • 2nd/3rd/4th/5th/6th/7th/8th generation Intel Core processors
  • Intel Core i3/i5/i7/M processor (45nm and 32nm)

Intel said that systems that have already applied firmware updates made available earlier this year, besides applicable OS updates, should already be shielded from Foreshadow. Things, however, might be more complicated in data centers that run hypervisors prone to Foreshadow-NG attacks.

With Intel’s apparent long-term solution of designing the weaknesses out of its future CPUs, it might take time to restore normalcy in this side of the chip trade.

How to protect your Windows computer now?

Here are simple yet radically effective ways to get protected today:

  1. Update your BIOS. Keep your laptop or desktop up to date by installing the latest BIOS updates from the manufacturer of the laptop or motherboard (for a PC). Usually, this involves CPU microcode updates.
  2. Update Windows.Don’t be content with microcode updates alone, as they work alongside the OS updates to protect against malware that could take advantage of Foreshadow. Microsoft’s official security advisory assured that most Windows PCs need only OS updates in order to protect themselves from the Foreshadow flaw. Run Windows Update to install the latest patches.
  3. Run anti-malware software. Maintain up-to-date protection on your desktop or laptop, which can help detect and stop malware in its tracks before Windows or the processor’s security safeguards are even activated. Auslogics Anti-Malware offers topnotch protection against malware and data safety threats, detecting malicious items not previously suspected to exist, flexibly scheduling automatic scans, and doubling protection by catching items your antivirus may miss.

Make sure Auslogics Anti-Malware is always on to protect your PC.

These flaws may be proof-of-concept right now, but it’s best to think up and execute ways to protect a PC from Foreshadow flaws early on while future Intel CPUs are getting armed with hardware improvements for every user’s peace of mind.

20
off
Your first order from Auslogics

Want 20% off right now? Subscribe to our newsletter and save!

You will immediately get a 20% discount coupon via email, and we will send you the Auslogics newsletter to notify of great discounts, new releases, helpful PC tips and giveaways.

Please enter a correct email address
Almost done! Please check your mailbox and confirm your address.

IMPORTANT: Auslogics values your privacy and will not disclose your information to any third parties. Every email includes an unsubscribe link, so you may unsubscribe any time. All personal data you provide to us is handled in accordance with applicable laws, including the European GDPR. Please see our Privacy Policy for more details.

Share it:
Do you like this post?
1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...

 

GET LIVE HELP WITH PC ISSUES

Call us toll-free

US & Canada 1-888-706-5659

UK 1-800-041-8199

Australia 1-800-370-543

Chat with us online

Prefer us to call you back? Give us your phone number via chat

Fix your PC in THREE easy steps

Step 1

Call us or chat with us. Our agents are online around the clock

Step 2

We will remotely access your device, provide you with free diagnostics, and discuss repair options

Step 3

Sit back and watch. Most problems will be fixed immediately within less than an hour