New developments and Microsoft solutions against the Spectre v2 attack on Windows
Mitigation strategies and configuration recommendations for Windows users
The new Spectre v2 attack uses "Branch History Injection" to compromise Windows systems. Microsoft has updated its guidance for limiting this threat by editing the registry.
The problem of processors being exposed to side-channel attacks such as Spectre has resurfaced with Spectre v2, recently identified by VUSec researchers. This attack, which relies on "Branch History Injection" (BHI), also affects Windows systems because it targets the way processors handle branch prediction, i.e. predicting which branch of the executed code will be taken. Microsoft has acknowledged the risk and expanded its documentation for the CVE-2022-0001 vulnerability to inform users.
How Spectre works in data manipulation
Spectre relies on speculative execution, a mechanism that speeds up the processor by predicting the instructions it will execute next. This mechanism, however, opens a gap for attacks: when a prediction is wrong, sensitive data can be exposed. Spectre v2 specifically abuses injection into the branch history to circumvent the normal access restrictions on protected information in memory.
Microsoft procedures to counter Spectre v2
To address this threat, Microsoft has provided specific guidance for Windows users. By editing the registry from a command prompt run as administrator, you can limit the exposure to Spectre v2. The recommended operation is to add two specific values to the Registry that control and limit speculative execution, thereby reducing the risk of exploitation.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f
Restoring default security settings
If necessary, administrators can also reverse the changes applied to mitigate Spectre v2. Microsoft's guidance includes the commands to remove the registry values inserted to defend against the attack, restoring the default settings so that no remnants of a temporary security configuration remain that could affect system performance in other scenarios.
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f
reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f
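The following PowerShell script is an added example, not part of the article or of Microsoft's guidance: it wraps the "reg add" and "reg delete" operations above into apply, audit and restore functions, and reads the values back so an administrator can confirm the mitigation is actually set. The function names (Get-FeatureSetting, Test-Mitigation, Set-Mitigation, Remove-Mitigation) are this example's own; the registry path and the two DWORD values come from the article.

```powershell
# Added example (not from the article): apply, audit and remove the CVE-2022-0001
# registry mitigation, reading the values back to confirm them.
# Run from an elevated PowerShell session; a restart is required before the
# kernel picks up the new setting.

$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$Override = 0x00800000   # FeatureSettingsOverride value from Microsoft's guidance
$Mask     = 0x00000003   # FeatureSettingsOverrideMask value from Microsoft's guidance

function Get-FeatureSetting {
    # Returns the DWORD stored under $Name, or $null if the value is absent.
    param([string]$Name)
    $item = Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [uint32]$item.$Name
}

function Test-Mitigation {
    # True only when both values exist and hold exactly the recommended numbers.
    $o = Get-FeatureSetting 'FeatureSettingsOverride'
    $m = Get-FeatureSetting 'FeatureSettingsOverrideMask'
    return ($o -eq $Override) -and ($m -eq $Mask)
}

function Set-Mitigation {
    # Equivalent of the two 'reg add' commands. The same DWORDs also carry
    # settings for other Microsoft speculative-execution mitigations, so an
    # existing, different value is reported before it is overwritten.
    $current = Get-FeatureSetting 'FeatureSettingsOverride'
    if ($null -ne $current -and $current -ne $Override) {
        Write-Warning ("FeatureSettingsOverride is currently 0x{0:X8}; overwriting." -f $current)
    }
    New-ItemProperty -Path $KeyPath -Name 'FeatureSettingsOverride' -PropertyType DWord -Value $Override -Force | Out-Null
    New-ItemProperty -Path $KeyPath -Name 'FeatureSettingsOverrideMask' -PropertyType DWord -Value $Mask -Force | Out-Null
}

function Remove-Mitigation {
    # Equivalent of the two 'reg delete' commands (restores the default settings).
    Remove-ItemProperty -Path $KeyPath -Name 'FeatureSettingsOverride','FeatureSettingsOverrideMask' -ErrorAction SilentlyContinue
}

if (Test-Mitigation) {
    Write-Host 'CVE-2022-0001 registry mitigation already present.'
} else {
    Set-Mitigation
    if (Test-Mitigation) { Write-Host 'Mitigation applied; restart the system to activate it.' }
    else { Write-Error 'Registry values did not persist as expected.' }
}
```

Call Remove-Mitigation from the same session (followed by a restart) to undo the change exactly as the "reg delete" commands do.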
04/17/2024 09:08
Marco Verro