Sunday, May 26, 2013

A vulnerability shakes Intel 64-bit processors


June 19, 2012

Considering how long 64-bit processors have been on the market (they arrived in the world of personal computers in 2003, although adoption, at least in the early years, was concentrated on server systems), it is at least curious to learn today that all Intel x86-64 CPUs suffer from a major security vulnerability.

News of the security hole, which could allow malicious code to execute with the highest privileges, came from CERT, the U.S. organization that responds to major computer emergencies. The 64-bit extension for x86 processors was originally introduced by AMD as x86-64 and was then embraced by Intel (as EM64T) and other smaller manufacturers. When defining the x86-64 specification, AMD decided to reduce the addressable memory space to 48 bits, leaving bits 48 to 64 unused. To keep potentially malicious code out of that area, AMD relies on what are called "canonical addresses": the bits from number 48 to 64 must have the same value as bit number 47. If a "Ring 3" application, running with more limited privileges, or a normal user tries to use non-canonical addresses to gain elevated privileges, the processor raises its shields and produces a General Protection Fault.


The code is then reloaded, where possible, from a safe location in the kernel. When referring to the privilege level at which an application runs, experts often use the term "ring". "Ring 0" identifies processes running in kernel mode, while "Ring 3" identifies "user mode" applications such as browsers, Notepad and so on. When the processor operates in kernel mode, it has access to all registers and to the entire system memory. In contrast, when the CPU operates in user mode (level 3), it is allowed to access only those memory areas that are usable in "user mode". Because code that runs in kernel mode has indiscriminate access to every area of the system, being able to run programs in this context is the goal that all authors of rootkits, and of advanced malware in general, pursue with great interest.

Intel CPUs behave similarly to AMD CPUs except for a slight difference in the way canonical addresses are handled. It follows that an attacker can try to inject a malicious piece of code on Intel systems and get that code restored after the protection fault. Once this has happened, what the attacker has obtained is a process operating at kernel level, which in turn references the area located beyond 48 bits where the malicious code sits, ready to run with the highest privileges. Although the picture may seem disastrous, it should be noted that all major operating system vendors have already taken action to release and distribute a corrective patch. Although, to date, Intel has not yet officially commented on the issue, Microsoft, in its last "patch day", released an update that closed the hole (this is the MS12-042 bulletin released last Tuesday). Other vendors have also acted (see this page). Initially, in fact, it was believed that the issue affected only Linux users on 64-bit Intel machines; the same flaw was then found in Windows, BSD and, at least in theory, even Mac OS X.
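The canonical-address rule described above can be expressed as a small check. The following C code is an added example, not code from the original article or from any vendor patch: with bits numbered from 0, a 64-bit address has bits 0 to 63, so the check covers bits 48 through 63. The function names, the sample addresses and the guard `user_resume_addr_ok` are hypothetical, and the guard assumes user space occupies the lower half of the address space.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48 /* implemented address width, per the article */

enum addr_class { ADDR_LOWER_HALF, ADDR_UPPER_HALF, ADDR_NON_CANONICAL };

/* Copy bit 47 into bits 48..63 (sign extension) to get the canonical form. */
static uint64_t canonicalize(uint64_t addr)
{
    const uint64_t sign = 1ULL << (VA_BITS - 1);
    const uint64_t low = addr & ((1ULL << VA_BITS) - 1);
    return (low ^ sign) - sign;
}

/* An address is canonical when its upper bits already equal bit 47. */
static bool is_canonical(uint64_t addr)
{
    return canonicalize(addr) == addr;
}

static enum addr_class classify(uint64_t addr)
{
    if (!is_canonical(addr))
        return ADDR_NON_CANONICAL;
    return (addr >> 63) ? ADDR_UPPER_HALF : ADDR_LOWER_HALF;
}

/* Hypothetical guard: privileged code accepts a user-supplied address only
 * if it is canonical and in the lower half (assumed to be user space). */
static bool user_resume_addr_ok(uint64_t addr)
{
    return classify(addr) == ADDR_LOWER_HALF;
}

int main(void)
{
    /* Constructed sample addresses around the two canonical boundaries. */
    const uint64_t samples[] = { 0x00007FFFFFFFFFFFULL, 0x0000800000000000ULL,
                                 0xFFFF7FFFFFFFFFFFULL, 0xFFFF800000000000ULL };
    static const char *const names[] = { "lower half", "upper half", "non-canonical" };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%016llx  %-13s  accept=%d\n", (unsigned long long)samples[i],
               names[classify(samples[i])], user_resume_addr_ok(samples[i]));
    return 0;
}
```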
