Intel’s microprocessors vulnerable to remote attack

July 17, 2008

Image by trekkyandy via Flickr

Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel’s microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running.

The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler.

“I’m going to show real working code…and make it publicly available,” Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.

The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD, Kaspersky said, adding that the demonstration of an attack against a Mac is also a possibility.

While some errata can affect a chip’s ability to function properly — such as the errata that last year forced Advanced Micro Devices to push back volume shipments of its quad-core Opteron processors — many others exist unnoticed by users.

“It’s possible to fix most of the bugs, and Intel provides workarounds to the major BIOS vendors,” Kaspersky said, referring to the code that controls the most basic functions of a PC.