Skip to content Skip to footer

Intel: Foreshadow Flaws


Another Week, Another Security Flaw

Foreshadow, also known as L1 Terminal Fault, is another problem with speculative execution in Intel’s processors. Foreshadow may allow malicious software to break into secure areas that even the Spectre and Meltdown flaws couldn’t crack.

What Is Foreshadow?

Specifically, Foreshadow attacks Intel’s Software Guard Extensions (SGX) feature. This is built into Intel chips to let programs create secure “enclaves.”  These can’t be accessed, even by other programs on the computer.

Even if malware were on the computer, it couldn’t access the secure enclave… in theory. When Spectre and Meltdown were announced, security researchers found that SGX-protected memory was mostly immune to Spectre and Meltdown attacks.

There are also two related attacks, which the security researchers are calling “Foreshadow – Next Generation,” or Foreshadow-NG. These allow access to information in System Management Mode (SMM), the operating system kernel, or a virtual machine hypervisor.

How Does It Work?

In theory, code running in one virtual machine on a system could read information stored in another virtual machine on the system, even though those virtual machines are supposed to be completely isolated.

Foreshadow and Foreshadow-NG, like Spectre and Meltdown, use flaws in speculative execution. Modern processors guess the code they think might run next and preemptively execute it to save time. However, this speculative execution leaves some information behind. For example, based on how long a speculative execution process takes to perform certain types of requests, programs can infer what data is in an area of memory — even if they can’t access that area of memory.

Because malicious programs can use these techniques to read protected memory, they could even access data stored in the L1 cache. This is the low-level memory on the CPU where secure cryptographic keys are stored. That’s why these attacks are also known as “L1 Terminal Fault” or L1TF.

To take advantage of Foreshadow, the attacker just needs to be able to run code on your computer. The code doesn’t require special permissions. It could be a standard user program with no low-level system access, or even software running inside a virtual machine.

Is Foreshadow Being Used In The Wild?

Foreshadow was discovered by security researchers. These researchers have a proof-of-concept — in other words, a functional attack — but they’re not releasing it at this time. This gives everyone time to create, release, and apply patches to protect against the attack.

How You Can Protect Your PC

Note that only PCs with Intel chips are vulnerable to Foreshadow in the first place. AMD chips aren’t vulnerable to this flaw.

Most Windows PCs only need operating system updates to protect themselves from Foreshadow, according to Microsoft’s official security advisory. Just run Windows Update to install the latest patches. Microsoft says that it has not noticed any performance loss from installing these patches.

Some PCs may also need new Intel microcode to protect themselves. Intel says these are the same microcode updates that were released earlier this year. You can get new firmware, if it’s available for your PC, by installing the latest UEFI or BIOS updates from your PC or motherboard manufacturer. You can also install microcode updates directly from Microsoft.

(Image Source: iCLIPART)