AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New developments and Microsoft solutions against the Spectre v2 attack on Windows

Mitigation strategies and configuration recommendations for Windows users

The new Spectre v2 attack uses "Branch History Injection" to compromise Windows systems. Microsoft has updated procedures to limit this threat by editing the registry.

This pill is also available in Italian language

The issue of processors facing side-channel attacks, such as Spectre, has seen a new resurrection with the development of Spectre v2, recently identified by VUSec researchers. This exploit, which exploits "Branch History Injection" (BHI), also affects Windows systems as it affects the way processors manage branch prediction, i.e. the prediction of branches of executed code. Microsoft has acknowledged the risk, expanding its documentation regarding the CVE-2022-0001 vulnerability to inform users.

How Spectre works in data manipulation

Spectre is based on speculative execution, a mechanism that accelerates processor performance by predicting future instructions. However, this mechanism opens a gap for attacks: in case of a prediction error, sensitive data can be exposed. Spectre v2 specifically takes advantage of information appropriation in the branch history to circumvent normal access restrictions to protected information in memory.

Microsoft procedures to counter Spectre v2

To address this threat, Microsoft has provided specific guidance for Windows users. By editing the registry through the command prompt as an administrator, you can limit the vulnerabilities exposed by Spectre v2. Recommended operations include adding specific parameters in the Registry that allow you to control and limit speculative execution and therefore reduce the risk of exploits.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f

Restoring default security settings

If necessary, administrators can also reverse the changes applied to mitigate Spectre v2. Microsoft allows you to easily remove registry changes inserted to defend against the attack, restoring the default values to ensure that there are no remnants of temporary security configurations that could affect system performance in other scenarios.

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f

Follow us on Instagram for more pills like this

04/17/2024 09:08

Editorial AI

Last pills

Global threat: serious security flaw discovered in the IEEE 802.11 Wi-Fi standardNew flaw in the IEEE 802.11 Wi-Fi standard exposes the security of global networks to serious risks

The fundamental aspects of computer security in everyday lifeProtection and prevention: how to safeguard personal data in the digital world

Black Basta hits Synlab: analysis of the attack and cybersecurity lessons for the healthcare sectorCyber defense strategies: how to protect healthcare infrastructures from ransomware

Google releases an emergency update for ChromeUrgent update to fix critical vulnerability in Chrome, users advised to install it immediately