AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New developments and Microsoft solutions against the Spectre v2 attack on Windows

Mitigation strategies and configuration recommendations for Windows users

The new Spectre v2 attack uses "Branch History Injection" to compromise Windows systems. Microsoft has updated procedures to limit this threat by editing the registry.

This pill is also available in Italian language

The issue of processors facing side-channel attacks, such as Spectre, has seen a new resurrection with the development of Spectre v2, recently identified by VUSec researchers. This exploit, which exploits "Branch History Injection" (BHI), also affects Windows systems as it affects the way processors manage branch prediction, i.e. the prediction of branches of executed code. Microsoft has acknowledged the risk, expanding its documentation regarding the CVE-2022-0001 vulnerability to inform users.

How Spectre works in data manipulation

Spectre is based on speculative execution, a mechanism that accelerates processor performance by predicting future instructions. However, this mechanism opens a gap for attacks: in case of a prediction error, sensitive data can be exposed. Spectre v2 specifically takes advantage of information appropriation in the branch history to circumvent normal access restrictions to protected information in memory.

Microsoft procedures to counter Spectre v2

To address this threat, Microsoft has provided specific guidance for Windows users. By editing the registry through the command prompt as an administrator, you can limit the vulnerabilities exposed by Spectre v2. Recommended operations include adding specific parameters in the Registry that allow you to control and limit speculative execution and therefore reduce the risk of exploits.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f

Restoring default security settings

If necessary, administrators can also reverse the changes applied to mitigate Spectre v2. Microsoft allows you to easily remove registry changes inserted to defend against the attack, restoring the default values to ensure that there are no remnants of temporary security configurations that could affect system performance in other scenarios.

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f

Follow us on Instagram for more pills like this

04/17/2024 09:08

Marco Verro

Last pills

Zero-day threat on Android devices: Samsung prepares a crucial updateFind out how Samsung is addressing critical Android vulnerabilities and protecting Galaxy devices from cyber threats

CrowdStrike: how a security update crippled the tech worldGlobal impact of a security update on banking, transportation and cloud services: what happened and how the crisis is being addressed

Checkmate the criminal networks: the Interpol operation that reveals the invisibleFind out how Operation Interpol exposed digital fraudsters and traffickers through extraordinary global collaboration, seizing luxury goods and false documents

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report