Windows, FreeBSD and Xen had a six-year-old vulnerability


Windows 7, the Xen hypervisor and various BSD variants were vulnerable to a bug that has been known since 2006, a Polish researcher has discovered. It concerns a faulty implementation of an Intel CPU instruction.

Security researcher Rafal Wojtczuk discovered earlier this year that a bug that has been known since 2006, and was patched in Linux at the time, was still present in 64-bit versions of Windows 7, Windows Server 2008 R2, FreeBSD, NetBSD and the Xen hypervisor. Whether earlier Windows versions are also vulnerable is unclear.

The bug has since been patched in all of these operating systems and in Xen, says Wojtczuk in an interview with Tweakers.net at the Black Hat security conference, where he presented his findings. Action was taken after Wojtczuk reported his findings to the companies and organizations concerned.

It is a so-called privilege escalation bug, with which an attacker who already has access to a system can elevate their privileges. In this case the error was in the way operating systems handled an instruction in 64-bit Intel CPUs. According to Intel it is not a bug in the x64 instruction set, but an incorrect implementation of the instruction in operating systems.

The question is why patching the bug took six years in many cases; Wojtczuk can only speculate about that. “I think it is because 64-bit CPUs were just not yet in use six years ago,” said Wojtczuk. “It was simply not noticed.”

Although the bug by itself is not enough to gain remote access to a system, it was a risk for desktops and servers that are used by many people. Virtual hosting providers in particular could be affected, because someone with user-level access could ‘upgrade’ it to root access.

Because the widely used Xen hypervisor was vulnerable, the bug also had consequences for providers of virtual servers: attackers could “break out” of a virtual server and gain access to the provider's underlying server. However, Xen is only vulnerable when it is running in a particular mode, called paravirtualization mode.