AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New developments and Microsoft solutions against the Spectre v2 attack on Windows

Mitigation strategies and configuration recommendations for Windows users

The new Spectre v2 attack uses "Branch History Injection" to compromise Windows systems. Microsoft has updated procedures to limit this threat by editing the registry.

This pill is also available in Italian language

The issue of processors facing side-channel attacks, such as Spectre, has seen a new resurrection with the development of Spectre v2, recently identified by VUSec researchers. This exploit, which exploits "Branch History Injection" (BHI), also affects Windows systems as it affects the way processors manage branch prediction, i.e. the prediction of branches of executed code. Microsoft has acknowledged the risk, expanding its documentation regarding the CVE-2022-0001 vulnerability to inform users.

How Spectre works in data manipulation

Spectre is based on speculative execution, a mechanism that accelerates processor performance by predicting future instructions. However, this mechanism opens a gap for attacks: in case of a prediction error, sensitive data can be exposed. Spectre v2 specifically takes advantage of information appropriation in the branch history to circumvent normal access restrictions to protected information in memory.

Microsoft procedures to counter Spectre v2

To address this threat, Microsoft has provided specific guidance for Windows users. By editing the registry through the command prompt as an administrator, you can limit the vulnerabilities exposed by Spectre v2. Recommended operations include adding specific parameters in the Registry that allow you to control and limit speculative execution and therefore reduce the risk of exploits.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f

Restoring default security settings

If necessary, administrators can also reverse the changes applied to mitigate Spectre v2. Microsoft allows you to easily remove registry changes inserted to defend against the attack, restoring the default values to ensure that there are no remnants of temporary security configurations that could affect system performance in other scenarios.

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f

Follow us on Twitter for more pills like this

04/17/2024 09:08

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon