A Bug that Blurs the Lines Between CPU Modes

Just a few months after the firmware in their computer chips was revealed to be significantly flawed, Intel’s flagship product has yet again resulted in negative attention to the company. While the issue now has a fix, there was the possibility that a solution could reduce the functionality of the CPU.

In a blog run by a user known only as 'Python Sweetness', a post popped up stating that “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.”

To put it another way, there was a bug that messed with how other programs interacted with the CPU. A functioning CPU has two modes: kernel and user. User mode is the one that is usually considered ‘safe’ mode, while kernel mode allows access into the computer’s inner workings. Python Sweetness, however, realized that there was a bug that blurred the lines between user and kernel mode. This problem created a means for malware and other malicious programs to access a system’s hardware directly.

The bug was supposed to cause the system to have to switch entire processes back and forth between user mode and kernel mode, which would slow any of the computer’s functions down significantly. The initial expectation was that the computer could only be fixed with a hardware change. Luckily, a fix was constructed and released as a Windows update, costing only 2 percent of system performance (a much better outcome than it could have been).

For PCs with Windows 10 running and an antivirus that supports the patch, the fix should be in place. To confirm this, go to Settings > Update & Security to see if there are any updates waiting to be implemented. If not, check your update history for Security Update for Windows (KB4056892), or check with your antivirus provider to find out when it will be supported. The patch will not be installed until it sees that the antivirus has been updated to a version that the vendor verifies.

If you own an Android device, there was an update on January 5th that provided mitigations, with the promise of continued updates to add to these protections. Google-branded phones (including the Nexus and Pixel lines) should have already received the patches, and other Android phones may have too. This is something you need to check; if you haven’t received an update yet, call your carrier.

A Google Chrome update is expected on January 23rd, with other browsers following suit, that will also include mitigations. Until then, ask an IT resource to help you activate Site Isolation to help prevent a malicious website from accessing your data.

Other devices, such as NAS devices, smart appliances, networking equipment, media equipment, etc., may also be at risk since they are using similar hardware. It’s imperative for company owners to have their entire infrastructure reviewed and audited.

For the fix to actually happen, the update has to be installed. This is why it is worth having a managed service provider looking out for your organization. The MSP would be there, ear to the ground for news of updates, ready to jump into action when necessary. As a representative of you organization, you wouldn’t have to worry about dealing with any of it, which of course means that you and your staff would be free to focus on profit-generating initiatives, without the distraction of maintenance and updates
Macro Systems can be that MSP for you. Call us at 703-359-9211 for more information.