NetSpectre: Remote Attack over Network Affected Billions of Devices

Details

 

 

A former vulnerability which was discovered in January 2018, affected modern microprocessor chips codenamed Spectre and Meltdown, has evolved with its new Spectre variant named “NetSpectre”, stealing data over the network. NetSpectre is an application of Spectre Variant 1: Bounds Check Bypass. Spectre attack requires malicious code to be running on the victim’s system to possibly capture passwords, keys and other sensitive information from the memory of other software on the computer. NetSpectre is a new technique used for potentially extracting sensitive information from another system or a device without the need of any exploit, but by exfiltrating the data slowly. This is done by sending a series of crafted requests to the target machine and measuring the response time to leak a secret value from the machine’s memory. 

NetSpectre attack uses the AVX (Advanced Vector Extensions)-based covert channel. The AVX allows the attackers to extract the data at a deficient speed of about 15 bits or 60 bits per hour from the target system. NetSpectre attack works in local-area networks as well as between the virtual machines in Google Cloud.

 

Recommendations for Mitigation

• Microsoft has not released the patch at this point in time. Kindly check the reference link for updates.

• Please apply patches for Spectre Variant 1. For example, Microsoft, Intel, have released patches. Please see the references.

• Kindly update to the latest version of the web browsers in use to avoid JavaScript based exploitation. 

 

References

[1] Analyzing potential bounds check bypass vulnerabilities

https://software.intel.com/sites/default/files/managed/4e/a1/337879-analyzing-potential-boundsCheck-bypass-vulnerabilities.pdf

[2] NetSpectre: Read Arbitrary Memory over Network

https://misc0110.net/web/files/netspectre.pdf

[3] Guidance to mitigate speculative execution side-channel vulnerabilities (ADV180002)

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

[4] Spectre Attacks: Exploiting Speculative Execution

https://spectreattack.com/spectre.pdf

[5] Vulnerability Note VU#584653 CPU hardware vulnerable to side-channel attacks

http://www.kb.cert.org/vuls/id/584653

[6] An Update on AMD Security

https://www.amd.com/en/corporate/speculative-execution

[7] CPU Side-Channel Information Disclosure

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

[8] New NetSpectre Attack Can Steal CPU Secrets via Network Connections

https://www.bleepingcomputer.com/news/security/new-netspectre-attack-can-steal-cpu-secrets-vianetwork-connections/

[9] New Spectre attack enables secrets to be leaked over a network

https://arstechnica.com/gadgets/2018/07/new-spectre-attack-enables-secrets-to-be-leaked-over-anetwork/

[10] Mitigation Strategies for Spectre and Meltdown Attack

http://vsintelli.com/portal/blog/24-mitigation-strategies-for-spectre-and-meltdown-attack

  • You are here:  
  • Home
  • Microsoft Security Patch – August 2023