A flaw exists in the way that a specific instruction is handled on some types of Intel 64-bit chips that could open up some operating systems and types of virtualization software to attacks, according to an alert issued last week but revised today by the United States Computer Emergency Readiness Team (US-CERT).
Attackers could execute malicious code via kernel privileges or launch a local privilege escalation attack, according to the alert, by Jared Allar of US-CERT.
The flaw has already been exploited on 64-bit versions of Microsoft Windows 7, FreeBSD, NetBSD and there’s a chance Apple’s OS X may also be vulnerable, according to a blog on Xen.org, an open source community for users of the virtual service.
The Xen post goes on to claim the vulnerability stems from a difference in the way that Intel’s processors implemented error handling in its version of AMD’s SYSRET instruction. Written by AMD, but used on Intel hardware, the SYSRET instruction contains a bug that could allow a local user to write executable malicious code. The flaw is in the instruction and not in the Intel chips themselves.
Microsoft patched the hole last week (MS12-042), shortly after US-CERT’s announcement, while FreeBSD warned customers in a message the flaw could cause kernel data corruption or crash computers and encouraged users to update their system or apply the requisite binary or source code patches.
For more on this, head to US-CERT’s alert and Xen’s Community blog, which further breaks down the vulnerability and points out that Linux patched the hole in one form or another, back in 2006.