Intel Patches Flaw That Allows Hardware-based Security Feature Bypass
Intel underwent a complex patching process in order to fix a recently discovered flaw in the SINIT ACMs (Authenticated Code Modules) that allowed for the TXT (Trusted Execution Technology) implemented in its microprocessors and chipsets to be bypassed.
The elevation of privilege vulnerability was discovered by security firm Invisible Things Lab, whose researchers found a similar flaw in SINIT ACM two years ago. In fact, according to Joanna Rutkowska, the company's founder and CEO, the issue discovered in 2009 was a subset of this newly found vulnerability.
The researcher said that she was surprised to see Intel rate the severity of this flaw as important, while the 2009 was rated as critical. "What is really interesting about the attack are the consequences of SINIT mode hijacking, which include ability to bypass Intel TXT, LCP, and also compromise system SMRAM [System Management RAM]," Rutkowska said in a blog post.
This vulnerability is significant because Intel's Trusted Execution Technology is a hardware extension to the company's microprocessors and chipsets that is meant to provide a protection mechanism against software-based attacks. TXT can be used by companies to control how information is stored, processed and exchanged on their systems.
Intel published an advisory on Monday to announce that updated SINIT ACMs and microcode are available to resolve this issue. However, according to Rutkowska, the patching process required a significant effort from the company.
"They had to release not only updated SINIT modules, but also updated microcode for all the affected processors, and also work with the BIOS vendors so they release updated BIOSes that would be unconditionally loading this updated microcode (plus provide anti-rollback mechanisms for both the BIOS and microcode). Quite an undertaking," the researcher said.
For the technically minded, Invisible Things Lab published a research paper that details how the vulnerability works and describes the exploit developed by the company to bypass Intel's TXT and LCP [Local Control Panel].
System administrators who rely on this technology are advised to obtain BIOS updates that address the vulnerability from their respective OEMs and deploy them as soon as possible. If an update is not yet available or the technology is not used, Intel TXT should be disabled from the BIOS.