Return of the Spectre vulnerability: modifications to the Windows registry to protect yourself

It was early 2018 when Google Project Zero researchers disclosed the now historic Spectre vulnerability, affecting both old and new processors. It marked the beginning of a new era: since then, more and more side-channel attacks have surfaced, each capable of extracting confidential information from memory through the behaviour of the microprocessor itself.

Spectre takes advantage of a key feature of modern processors known as speculative execution. To improve performance, the processor executes instructions ahead of time based on predictions about program flow (for example, which way a conditional branch will go). If the prediction is correct, execution proceeds without stalling and performance improves. If the prediction was wrong, the processor discards the speculatively executed work and rolls back the architectural state. The catch is that traces of that work remain in caches and other microarchitectural structures, and those traces are exactly what Spectre measures.

A Spectre attack therefore leverages the processor's ability to run instructions ahead of time in order to learn information that would normally not be accessible. This can allow an attacker to infer sensitive data held in the computer's memory, such as passwords, cryptographic keys, or other data that should remain secret, even across privilege boundaries.

What sets Spectre and similar side-channel attacks apart is that they cannot be fully fixed with a simple software or firmware update, because the root cause is the design of the processor. Mitigations can be applied to reduce the risk of exploitation, but they come with a measurable performance cost.

Spectre v2: the new exploit also affects Windows systems and Microsoft explains how to avoid attacks

In recent days, VUSec researchers have confirmed the development of a new exploit which, years later, brings the Spectre vulnerability back into the spotlight. The new attack, which belongs to the Spectre v2 family, leverages, among other things, Branch History Injection (BHI).

BHI is an attack technique that exploits weaknesses in the branch prediction logic inside the processor. The branch history is the record of the decisions taken by the branch-prediction units during program execution; an attacker who can poison it can steer which target the processor speculatively jumps to.

VUSec focused its attention in particular on the consequences of this Spectre v2 variant on Linux systems with Intel CPUs. Microsoft, however, has updated its advisory for CVE-2022-0001, explaining that the new exploit also affects Windows systems.

Microsoft's engineers point out that the vulnerability can be exploited when an attacker manages to manipulate the branch history before a transition from user mode to supervisor mode (or from non-root/guest mode to root mode on virtual machines): the attacker-controlled history survives the privilege transition and influences the predictions made by the more privileged code.

How to block attacks using Spectre v2 on Windows

In the updated version of its support documentation, Microsoft specifies that users who want to prevent attacks based on this Spectre v2 variant can do so by changing the system registry. The change is most appropriate on exposed Windows systems that process critical information, keeping in mind that enabling the mitigation may have a negative impact on performance.

The changes Microsoft recommends on Windows systems with Intel CPUs, to mitigate the risk of the new Spectre v2-based attacks, are the following. Open a command prompt with administrator rights (type cmd in the search box and choose Run as administrator), type the two commands below, and then restart the computer so the kernel reads the new settings at boot:

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f

If you later want to undo the changes and restore the default Windows configuration, type the following from an administrator command prompt and restart again:

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /f

reg delete "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /f
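The same procedure in PowerShell, as an added example that is not part of the article or of Microsoft's advisory. It applies, verifies or reverts the two registry values listed above and assumes an Intel-based Windows system, an elevated PowerShell session for Apply and Revert, and a restart afterwards (the script itself does not reboot). The Action parameter and function names are this example's own.

```powershell
# Added example (not from the article or Microsoft's KB): manage the
# CVE-2022-0001 / BHI mitigation values shown above.
# Assumptions: Windows on an Intel CPU; run elevated for Apply/Revert;
# reboot afterwards so the kernel picks up the change at boot.
[CmdletBinding()]
param(
    [ValidateSet('Apply', 'Verify', 'Revert')]
    [string]$Action = 'Verify'
)

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# The two values from Microsoft's guidance for Intel CPUs (same as the reg add lines).
$Expected = [ordered]@{
    FeatureSettingsOverride     = 0x00800000
    FeatureSettingsOverrideMask = 0x00000003
}

function Test-IsAdmin {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-MitigationValues {
    # Returns both values; $null means the value is absent and Windows defaults apply.
    $result = [ordered]@{}
    foreach ($name in $Expected.Keys) {
        $item = Get-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        $result[$name] = if ($null -ne $item) { [uint32]$item.$name } else { $null }
    }
    return $result
}

function Test-MitigationApplied {
    # True only when both values are present and equal to Microsoft's numbers.
    $current = Get-MitigationValues
    $ok = $true
    foreach ($name in $Expected.Keys) {
        $have  = $current[$name]
        $match = ($null -ne $have) -and ($have -eq [uint32]$Expected[$name])
        if (-not $match) { $ok = $false }
        $haveText = if ($null -eq $have) { 'absent' } else { '0x{0:X8}' -f $have }
        Write-Host ('{0,-28} current={1,-10} expected=0x{2:X8} {3}' -f `
            $name, $haveText, $Expected[$name], $(if ($match) { 'OK' } else { 'MISMATCH' }))
    }
    return $ok
}

switch ($Action) {
    'Apply' {
        if (-not (Test-IsAdmin)) { throw 'Apply requires an elevated PowerShell session.' }
        foreach ($name in $Expected.Keys) {
            # -Force creates the value or overwrites an existing one, like reg add /f.
            New-ItemProperty -Path $KeyPath -Name $name -Value $Expected[$name] `
                -PropertyType DWord -Force | Out-Null
        }
        if (Test-MitigationApplied) { Write-Host 'Values written. Restart Windows for the mitigation to take effect.' }
        else { throw 'Registry values did not read back as expected.' }
    }
    'Revert' {
        if (-not (Test-IsAdmin)) { throw 'Revert requires an elevated PowerShell session.' }
        foreach ($name in $Expected.Keys) {
            # Same effect as reg delete /f; missing values are not an error.
            Remove-ItemProperty -Path $KeyPath -Name $name -ErrorAction SilentlyContinue
        }
        Write-Host 'Override values removed; Windows defaults apply after a restart.'
    }
    'Verify' {
        if (Test-MitigationApplied) { Write-Host 'BHI mitigation values are set.' }
        else { Write-Host 'BHI mitigation values are NOT fully set.' }
    }
}
```

Verify only reads the registry, so it works without elevation and is the check to add to a compliance script. Note that it confirms the configuration, not the kernel's behaviour: the values are read at boot, so a system that shows OK but has not been restarted is still unmitigated. Microsoft's SpeculationControl module (Get-SpeculationControlSettings) reports the kernel's effective speculation-control state after the reboot and is the better source of truth for that.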

Opening image credit: University of Michigan.