Remember Spectre and Meltdown, the twin transient attack CPU vulnerabilities that were uncovered for the first time back in 2017? The Spectre variant 2 flaw has popped its head up again in Intel CPUs. As such, Microsoft has published a guidance document on how to enable the mitigations.
On its MSRC (Microsoft Security Response Center) dashboard, Microsoft writes:
On April 9, 2024 we published CVE-2022-0001 | Intel Branch History Injection which describes Branch History Injection (BHI) which is a specific form of intra-mode BTI. This vulnerability occurs when an attacker may manipulate branch history before transitioning from user to supervisor mode (or from VMX non-root/guest to root mode).
This manipulation could cause an indirect branch predictor to select a specific predictor entry for an indirect branch, and a disclosure gadget at the predicted target will transiently execute. This may be possible because the relevant branch history may contain branches taken in previous security contexts, and in particular, other predictor modes.
The Spectre vulnerability generally exploits processors that use branch prediction or speculation. It can also circumvent Enhanced Indirect Branch Restricted Speculation (EIBRS) hardware mitigations (or CSV2 in the case of ARM) by using a branch history buffer (BHB). Hence, Spectre v2 is also called Spectre-BHB, Branch History Injection (BHI), or Branch Target Injection (BTI). Essentially, Spectre exploits branch mispredictions to leak sensitive information.
This means most modern Intel CPUs from the 6th Gen (Skylake) onwards are impacted by this.
The published guidance involves editing the Windows Registry, and hence, it is preceded by a fair share of warnings and cautions.
We are providing the following registry information to enable the mitigations for this CVE.
To enable the mitigation for CVE-2022-0001 on Windows devices and clients using Intel Processors:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0x00800000 /f reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 0x00000003 /f
This also means users can expect at least some performance impact once the mitigation is applied.
Intel has also updated its own advisory to add a section:
Update: Since this guidance was originally published in 2022, the VU Amsterdam researchers have proposed new software techniques to identify and potentially exploit disclosure gadgets using BHI. Intel has added additional information to the technical documentation to address this development
You can find more technical details at the source links below.
10 Comments - Add comment