After Spectre and Meltdown, it is now ÆPIC Leak’s and SQUIP’s turn
Processors from AMD and Intel contain vulnerabilities that attackers can use to leak data. They were found by researchers at Sapienza University of Rome, Graz University of Technology, the CISPA Helmholtz Center for Information Security, and Amazon Web Services.
The first vulnerability – more precisely a design flaw – affects Intel CPUs and is called ÆPIC Leak (CVE-2022-21233, aepicleak.pdf). ÆPIC Leak affects all processors based on Intel’s Sunny Cove architecture, i.e. Ice Lake, Alder Lake and Ice Lake SP (Xeon). Unlike Spectre and Meltdown it is not a transient-execution attack: reading from the legacy xAPIC MMIO region returns stale data architecturally, so no timing measurement or side channel is needed (hence Intel’s title “Stale Data Read from Legacy xAPIC”). It can be used to leak data from SGX enclaves, which undermines the confidentiality guarantee SGX exists to provide on unpatched systems; Intel is addressing it with microcode and SGX SDK updates (INTEL-SA-00657). In their tests, the researchers recovered AES-NI and RSA keys from within an SGX enclave.
The second is a side-channel attack that is exploitable via Simultaneous Multi-Threading (SMT) and is called SQUIP (CVE-2021-46778, squip-paper.pdf). It affects AMD CPUs with the Zen 2 and Zen 3 architectures; the underlying design, a separate scheduler queue per execution unit, is also found in Apple’s M1, which however lacks SMT and is therefore not exposed to the cross-thread attack. A thread on the sibling hardware thread of the same core measures contention in the shared scheduler queue and thereby infers which instructions the victim executes. Beyond serving as a covert channel for transferring data indirectly, this is enough to extract secrets once a suitable victim has been identified, e.g. cryptographic keys. The researchers demonstrated this by recovering an RSA private key from a signing operation running on the sibling thread.
Further information on these vulnerabilities can be found here:
- ÆPIC Leak (aepicleak.com)
- INTEL-SA-00657 / Stale Data Read from Legacy xAPIC (intel.com)
- Execution Unit Scheduler Contention Side-Channel Vulnerability on AMD Processors (amd.com)
OCSF: New standard for interoperability in cybersecurity
Detecting and defending against today’s cyberattacks requires the coordination of multiple cybersecurity tools, but unfortunately normalizing data from multiple sources requires a significant investment of time and resources. Open Cybersecurity Schema Framework (OCSF) is an open-source project with the goal of providing a simplified and vendor-independent taxonomy to enable all security teams to ingest and analyze data better and faster, without the time-consuming upfront normalization tasks.
OCSF is an open standard that can be adopted in any environment or application and by any solution provider, and it is compatible with existing security standards and processes. The Open Cybersecurity Schema Framework (OCSF) project was conceived and initiated by AWS and Splunk and builds on Symantec’s ICD (Integrated Cyber Defense) schema work. The founding members are AWS, Cloudflare, CrowdStrike, DTEX, IBM Security, IronNet, JupiterOne, Okta, Palo Alto Networks, Rapid7, Salesforce, Securonix, Splunk, Sumo Logic, Symantec, Tanium, Trend Micro and Zscaler.
Microsoft is pursuing a related goal with MISA (Microsoft Intelligent Security Association), although MISA is a partner ecosystem for integrating vendor products with Microsoft’s security platform rather than an open data schema.
Get more information on this open-source project here: Open Cybersecurity Schema Framework (github.com)
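To make the “no upfront normalization” point concrete, here is an added example (not code from the OCSF project or from CyberCompare) that maps two constructed log records from different products, an OpenSSH syslog line and a JSON event from a hypothetical VPN gateway, onto one OCSF Authentication event shape, and then runs a single detection over both. The class, category, activity and status values are those of the OCSF Authentication class as published at the time of writing; the exact field set, the product names and the schema version string are assumptions and should be checked against the current schema at schema.ocsf.io.

```python
import json
import re
from datetime import datetime, timezone

# Enumeration values of the OCSF "Authentication" event class (assumption:
# verify against the current schema at https://schema.ocsf.io before use).
CATEGORY_IAM = 3              # category "Identity & Access Management"
CLASS_AUTHENTICATION = 3002   # class "Authentication"
ACTIVITY_LOGON = 1            # activity_id: Logon
STATUS_SUCCESS, STATUS_FAILURE = 1, 2
SEVERITY_INFO, SEVERITY_MEDIUM = 1, 3

# Constructed sample inputs from two different products (not real log data).
SSHD_LINE = ("Aug 10 14:22:07 bastion sshd[2314]: Failed password for invalid user admin "
             "from 203.0.113.7 port 51234 ssh2")
VENDOR_JSON = ('{"EventTime":"2022-08-10T14:22:09Z","Outcome":"success",'
               '"UserName":"alice","SourceIp":"198.51.100.4","Host":"vpn-gw"}')

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def ocsf_authentication(time_ms, status_id, user, src_ip, host, product):
    """Build a minimal OCSF Authentication event (class 3002, activity Logon)."""
    return {
        "category_uid": CATEGORY_IAM,
        "class_uid": CLASS_AUTHENTICATION,
        "activity_id": ACTIVITY_LOGON,
        "type_uid": CLASS_AUTHENTICATION * 100 + ACTIVITY_LOGON,  # 300201
        "time": time_ms,                                         # epoch milliseconds, UTC
        "severity_id": SEVERITY_INFO if status_id == STATUS_SUCCESS else SEVERITY_MEDIUM,
        "status_id": status_id,
        "user": {"name": user},
        "src_endpoint": {"ip": src_ip},
        "device": {"hostname": host},
        "metadata": {"version": "1.0.0", "product": {"name": product}},  # version is a placeholder
    }


def from_sshd(line, year=2022):
    """Map an sshd syslog line; syslog carries no year, so the caller supplies it."""
    m = SSHD_RE.match(line)
    if m is None:
        raise ValueError("not an sshd authentication line")
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    status = STATUS_SUCCESS if m["outcome"] == "Accepted" else STATUS_FAILURE
    return ocsf_authentication(int(ts.timestamp() * 1000), status,
                               m["user"], m["src"], m["host"], "OpenSSH")


def from_vendor_json(text):
    """Map a hypothetical vendor JSON record with its own field names onto the same class."""
    d = json.loads(text)
    ts = datetime.strptime(d["EventTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    status = STATUS_SUCCESS if d["Outcome"].lower() == "success" else STATUS_FAILURE
    return ocsf_authentication(int(ts.timestamp() * 1000), status,
                               d["UserName"], d["SourceIp"], d["Host"], "ExampleVPN")


def normalize_samples():
    return [from_sshd(SSHD_LINE), from_vendor_json(VENDOR_JSON)]


def failed_logons_by_source(events):
    """One detection written once against the schema, independent of the source product."""
    counts = {}
    for e in events:
        if e["class_uid"] == CLASS_AUTHENTICATION and e["status_id"] == STATUS_FAILURE:
            ip = e["src_endpoint"]["ip"]
            counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == "__main__":
    evs = normalize_samples()
    print(json.dumps(evs[0], indent=2))
    print(failed_logons_by_source(evs))
```

The value of the schema shows in the last function: the detection only knows about `class_uid`, `status_id` and `src_endpoint.ip`, so adding a third product means writing one more mapper, not touching the detection.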
Vulnerabilities and updates of the week
121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for a Support Diagnostic Tool vulnerability that the company said is being actively exploited in the wild. Of the 121 bugs, 17 are rated “Critical”, 102 are rated “Important”, one is rated “Moderate”, and one is rated “Low” in severity. Two of the issues have been listed as publicly known at the time of the release. Topping the list of patches is CVE-2022-34713 (CVSS score: 7.8), a case of remote code execution affecting the Microsoft Windows Support Diagnostic Tool (MSDT), publicly known as DogWalk.
Microsoft also resolved three privilege escalation flaws in Exchange Server that could be abused to read targeted email messages and download attachments (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516), and one publicly known information disclosure vulnerability in Exchange (CVE-2022-30134) with the same potential impact.
Cybersecurity researchers have disclosed multiple severe security vulnerabilities in the asset management platform Device42 that, if successfully exploited, could enable a malicious actor to seize control of affected systems. The most critical of the weaknesses is CVE-2022-1399, a command injection that makes it possible to execute bash commands with root permissions, granting the attacker full control over the underlying appliance. The flaws were addressed by Device42 in version 18.01.00, released on July 7, 2022.
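The Device42 flaw above is a command injection reaching a root shell; as an added, generic illustration (not Device42’s code and not the reported exploit path), the following compares a shell-string construction of the kind that leads to such bugs with a hardened variant. The `ping` wrapper, the hostname allow-list and the function names are assumptions chosen for the example.

```python
import re
import subprocess

# Allow-list for a hostname argument. The leading-hyphen exclusion matters: without
# it, "-f" or "-i 0" would pass validation and become argument injection into ping
# even though no shell is involved.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9.-]{1,253}$")


def vulnerable_ping_command(host: str) -> str:
    """VULNERABLE (illustrative): user input concatenated into a shell command string.
    If this string is handed to subprocess.run(..., shell=True), the shell parses it,
    so a value such as 'localhost; id' runs a second command with the privileges of
    the calling process. If that process is root, the injection is a full compromise."""
    return f"ping -c 1 {host}"


def hardened_ping_argv(host: str) -> list:
    """Validate against the allow-list and build an argv list. The list is passed to
    the program directly, so metacharacters are never interpreted by a shell."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Execute the hardened form (no shell=True). Not called by the tests: it needs
    the ping binary and, for anything but loopback, network access."""
    return subprocess.run(hardened_ping_argv(host), capture_output=True, text=True, check=False)


def injection_rejected(payload: str) -> bool:
    """True when the hardened path refuses the payload."""
    try:
        hardened_ping_argv(payload)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "localhost; id"
    print("shell would see:", vulnerable_ping_command(payload))
    print("hardened path rejects payload:", injection_rejected(payload))
    print("hardened argv:", hardened_ping_argv("db01.example.com"))
```

Two points a practitioner would want alongside the fix: the argv form removes the shell but not the program’s own option parsing, which is why the allow-list also rejects a leading hyphen; and the blast radius of a bug like CVE-2022-1399 is set by the privilege of the process that runs the command, so the appliance service should not run as root in the first place.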
Interested in more information? Here are two of our trusted sources:
- Security Update Guide (microsoft.com)
- Whitepaper. Multiple Vulnerabilities in the Device42 Asset Management Appliance (bitdefender.com)
Is cybersecurity a topic of interest for your company? As an independent entity with a portfolio of proven security providers, CyberCompare can provide you with comparative offers at no charge and with no obligation. Reach out to us or use our diagnostic to learn more about your cyber risk profile.
Please remember: this article is based on our knowledge at the time it was written – but we learn more every day. Do you think important points are missing, or do you see the topic from a different perspective? We would be happy to discuss current developments in greater detail with you and your company’s other experts, and we welcome your feedback and thoughts.
And one more thing: the fact that an article mentions (or does not mention) a provider does not represent a recommendation from CyberCompare. Recommendations always depend on the customer’s individual situation.