CERT-US Advises that 64-bit OSs and virtualization software on Intel 64 chips are vulnerable to hacks

Sachin Ganpat — Sat, 16 Jun 2012 02:31:29 +0000

The US Computer Emergency Response Team (US-CERT) has advised that some 64-bit operating systems and virtualization software running on Intel 64 CPU hardware are vulnerable to a local privilege escalation attack. An attacker may exploit the vulnerability to escalate privileges or gain access to the host machine from a guest virtual machine.

The vulnerability is identified as CVE-2012-0217 and stems from the way Intel 64 CPUs have implemented the SYSRET instruction. The vulnerability can only be exploited on Intel CPUs when the Intel 64 extension is in use, that is, using a 64-bit OS; 32-bit OSes are not affected.

AMD does not implement the SYSRET instruction the same way and is not similarly affected. However, systems running on AMD64 chips may lock up under an attack and may therefore pose a Denial of Service (DoS) vulnerability.

A list of vendors and their vulnerability status is shown below. Note that this list may not be updated and you should check the CERT-US website for updates.

Vendor	Status
Citrix	Affected
FreeBSD Project	Affected
Intel Corporation	Affected
Joyent	Affected
Microsoft Corporation	Affected
NetBSD	Affected
Oracle Corporation	Affected
Red Hat, Inc.	Affected
SUSE Linux	Affected
Xen	Affected
AMD	Not Affected
Apple Inc.	Not Affected
VMware	Not Affected
Debian GNU/Linux	Unknown
Fedora Project	Unknown

Interxect Services advises customers to update your systems with vendor approved patches as they become available.

Original article: CERT-US Advises that 64-bit OSs and virtualization software on Intel 64 chips are vulnerable to hacks

Interxect Services Limited

CERT-US Advises that 64-bit OSs and virtualization software on Intel 64 chips are vulnerable to hacks