New Microsoft Security Signals study shows firmware attacks on rise

    New Microsoft Security Signals study shows firmware attacks on rise

    New Microsoft Security Signals study shows firmware attacks on rise


    Posted: 30 Mar 2021

    Cybersecurity threats are always evolving, and today we’re seeing a new wave of advanced attacks targeting areas of computing that don’t have the protection of the cloud. New data shows that firmware attacks are on the rise, and businesses aren’t paying close enough attention to securing this critical layer.

    Recently, Microsoft commissioned a study that showed how attacks against firmware are outpacing investments targeted at stopping them. The March 2021 Security Signals report showed that more than 80% of enterprises have experienced at least one firmware attack in the past two years, but only 29% of security budgets are allocated to protect firmware.

    Security Signals is a comprehensive research report assembled from interviews with 1,000 enterprise security decision makers (SDMs) from various industries across the U.S., UK, Germany, China, and Japan. Microsoft commissioned Hypothesis Group, an insights, design, and strategy agency, to execute the research.

    The study showed that current investment is going to security updates, vulnerability scanning, and advanced threat protection solutions. Yet despite this, many organizations are concerned about malware accessing their system as well as the difficulty in detecting threats, suggesting that firmware is more difficult to monitor and control. Firmware vulnerabilities are also exacerbated by a lack of awareness and a lack of automation.

    But the tide may be starting to turn against firmware exploits. There is a growing awareness of the issue worldwide, a new willingness to invest in protections, and an emerging class of secured-core hardware is showing the potential to empower organizations with chip-level security and new automation and analytics capabilities.


    Read more: https://www.microsoft.com/security/b...ss-of-threats/


    Brink's Avatar Posted By: Brink
    30 Mar 2021


  1. Posts : 11,246
    Windows / Linux : Arch Linux
       #1

    Hi there
    This sort of news while "not exactly Fake News" exactly really raises totally unreasonable alarms in probably 90% or more of domestic Home Users of Windows. These sorts of attacks really are targeted against infrastructure,and businesses etc who might either just be targets of groups who just don't like them or who think they can make some serious money.

    What serious hacker is going to spend a lot of time messing around with trying to infest firmware on a typical "Mom and Pop" type of home computer -- to make what -- even 3 USD would probably be an exaggeration.

    Sometimes I get the feeling these sorts of "News" things about Viruses are the last throw of the dice by companies such as Malwarebytes and others - who may have had a place in C20 when Windows security was either non existent or just a joke but now in C21 really have absolutely no place any more in the domestic (i.e HOME -- not Enterprise) market now that WD (Windows Defender for the uninitiated) really works these days.

    Anybody on home computers should just ignore all these things of "Firmware attacks" etc - Perhaps my Fridge will now order me a Ferrari or my Central heating system organise a shutdown of the USA's Stock market. (Now that would be a great idea for a new Novel or a Film !!).

    Cheers
    jimbo
      My Computer


  2. Posts : 70,926
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2
      My Computers


  3. Posts : 1,079
    10 + Linux
       #3

    This second article states that the Windows UEFI Firmware Update parameter should be enabled in the BIOS and some corrections may be applied via WU.

    Latest gadget for the 2021 Grub2 secure-boot-bypass multiple issues. I just got this update this morning. More updates are expected in the weeks to come, same for MS. Command line is root:


    Code:
    # spectre-meltdown-checker
    Spectre and Meltdown mitigation detection tool v0.44
    
    Checking for vulnerabilities on current system
    Kernel is Linux 5.12.0-1-MANJARO #1 SMP PREEMPT Mon Mar 29 16:15:05 UTC 2021 x86_64
    CPU is AMD Ryzen 7 2700U with Radeon Vega Mobile Gfx
    
    Hardware check
    * Hardware support (CPU microcode) for mitigation techniques
      * Indirect Branch Restricted Speculation (IBRS)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates IBRS capability:  NO 
        * CPU indicates preferring IBRS always-on:  NO 
        * CPU indicates preferring IBRS over retpoline:  NO 
      * Indirect Branch Prediction Barrier (IBPB)
        * PRED_CMD MSR is available:  YES 
        * CPU indicates IBPB capability:  YES  (IBPB_SUPPORT feature bit)
      * Single Thread Indirect Branch Predictors (STIBP)
        * SPEC_CTRL MSR is available:  NO 
        * CPU indicates STIBP capability:  NO 
        * CPU indicates preferring STIBP always-on:  NO 
      * Speculative Store Bypass Disable (SSBD)
        * CPU indicates SSBD capability:  YES  (AMD non-architectural MSR)
      * L1 data cache invalidation
        * FLUSH_CMD MSR is available:  NO 
        * CPU indicates L1D flush capability:  NO 
      * CPU supports Transactional Synchronization Extensions (TSX):  NO 
      * CPU supports Software Guard Extensions (SGX):  NO 
      * CPU supports Special Register Buffer Data Sampling (SRBDS):  NO 
      * CPU microcode is known to cause stability problems:  NO  (family 0x17 model 0x11 stepping 0x0 ucode 0x810100b cpuid 0x810f10)
      * CPU microcode is the latest known available version:  NO  (latest version is 0x8101016 dated 2019/04/30 according to builtin firmwares DB v165.20201021+i20200616)
    * CPU vulnerability to the speculative execution attack variants
      * Vulnerable to CVE-2017-5753 (Spectre Variant 1, bounds check bypass):  YES 
      * Vulnerable to CVE-2017-5715 (Spectre Variant 2, branch target injection):  YES 
      * Vulnerable to CVE-2017-5754 (Variant 3, Meltdown, rogue data cache load):  NO 
      * Vulnerable to CVE-2018-3640 (Variant 3a, rogue system register read):  NO 
      * Vulnerable to CVE-2018-3639 (Variant 4, speculative store bypass):  YES 
      * Vulnerable to CVE-2018-3615 (Foreshadow (SGX), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3620 (Foreshadow-NG (OS), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-3646 (Foreshadow-NG (VMM), L1 terminal fault):  NO 
      * Vulnerable to CVE-2018-12126 (Fallout, microarchitectural store buffer data sampling (MSBDS)):  NO 
      * Vulnerable to CVE-2018-12130 (ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)):  NO 
      * Vulnerable to CVE-2018-12127 (RIDL, microarchitectural load port data sampling (MLPDS)):  NO 
      * Vulnerable to CVE-2019-11091 (RIDL, microarchitectural data sampling uncacheable memory (MDSUM)):  NO 
      * Vulnerable to CVE-2019-11135 (ZombieLoad V2, TSX Asynchronous Abort (TAA)):  NO 
      * Vulnerable to CVE-2018-12207 (No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)):  NO 
      * Vulnerable to CVE-2020-0543 (Special Register Buffer Data Sampling (SRBDS)):  NO 
    
    CVE-2017-5753 aka 'Spectre Variant 1, bounds check bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
    * Kernel has array_index_mask_nospec:  YES  (1 occurrence(s) found of x86 64 bits array_index_mask_nospec())
    * Kernel has the Red Hat/Ubuntu patch:  NO 
    * Kernel has mask_nospec64 (arm64):  NO 
    * Kernel has array_index_nospec (arm64):  NO 
    > STATUS:  NOT VULNERABLE  (Mitigation: usercopy/swapgs barriers and __user pointer sanitization)
    
    CVE-2017-5715 aka 'Spectre Variant 2, branch target injection'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Full AMD retpoline, IBPB: conditional, STIBP: disabled, RSB filling)
    * Mitigation 1
      * Kernel is compiled with IBRS support:  YES 
        * IBRS enabled and active:  NO 
      * Kernel is compiled with IBPB support:  YES 
        * IBPB enabled and active:  YES 
    * Mitigation 2
      * Kernel has branch predictor hardening (arm):  NO 
      * Kernel compiled with retpoline option:  YES 
        * Kernel compiled with a retpoline-aware compiler:  YES  (kernel reports full retpoline compilation)
    > STATUS:  NOT VULNERABLE  (Full retpoline + IBPB are mitigating the vulnerability)
    
    CVE-2017-5754 aka 'Variant 3, Meltdown, rogue data cache load'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports Page Table Isolation (PTI):  YES 
      * PTI enabled and active:  NO 
      * Reduced performance impact of PTI:  NO  (PCID/INVPCID not supported, performance impact of PTI will be significant)
    * Running as a Xen PV DomU:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3640 aka 'Variant 3a, rogue system register read'
    * CPU microcode mitigates the vulnerability:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3639 aka 'Variant 4, speculative store bypass'
    * Mitigated according to the /sys interface:  YES  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    * Kernel supports disabling speculative store bypass (SSB):  YES  (found in /proc/self/status)
    * SSB mitigation is enabled and active:  YES  (per-thread through prctl)
    * SSB mitigation currently active for selected processes:  YES  (gsettings-helper ModemManager pipewire pulseaudio systemd-journald systemd-logind systemd-timesyncd udevadm upowerd)
    > STATUS:  NOT VULNERABLE  (Mitigation: Speculative Store Bypass disabled via prctl and seccomp)
    
    CVE-2018-3615 aka 'Foreshadow (SGX), L1 terminal fault'
    * CPU microcode mitigates the vulnerability:  N/A 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3620 aka 'Foreshadow-NG (OS), L1 terminal fault'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports PTE inversion:  YES  (found in kernel image)
    * PTE inversion enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-3646 aka 'Foreshadow-NG (VMM), L1 terminal fault'
    * Information from the /sys interface: Not affected
    * This system is a host running a hypervisor:  NO 
    * Mitigation 1 (KVM)
      * EPT is disabled:  N/A  (the kvm_intel module is not loaded)
    * Mitigation 2
      * L1D flush is supported by kernel:  YES  (found flush_l1d in kernel image)
      * L1D flush enabled:  NO 
      * Hardware-backed L1D flush supported:  NO  (flush will be done in software, this is slower)
      * Hyper-Threading (SMT) is enabled:  YES 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12126 aka 'Fallout, microarchitectural store buffer data sampling (MSBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12130 aka 'ZombieLoad, microarchitectural fill buffer data sampling (MFBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12127 aka 'RIDL, microarchitectural load port data sampling (MLPDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2019-11091 aka 'RIDL, microarchitectural data sampling uncacheable memory (MDSUM)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * Kernel supports using MD_CLEAR mitigation:  YES  (found md_clear implementation evidence in kernel image)
    * Kernel mitigation is enabled and active:  NO 
    * SMT is either mitigated or disabled:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2019-11135 aka 'ZombieLoad V2, TSX Asynchronous Abort (TAA)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * TAA mitigation is supported by kernel:  YES  (found tsx_async_abort in kernel image)
    * TAA mitigation enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2018-12207 aka 'No eXcuses, iTLB Multihit, machine check exception on page size changes (MCEPSC)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * This system is a host running a hypervisor:  NO 
    * iTLB Multihit mitigation is supported by kernel:  YES  (found itlb_multihit in kernel image)
    * iTLB Multihit mitigation enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    CVE-2020-0543 aka 'Special Register Buffer Data Sampling (SRBDS)'
    * Mitigated according to the /sys interface:  YES  (Not affected)
    * SRBDS mitigation control is supported by the kernel:  YES  (found SRBDS implementation evidence in kernel image. Your kernel is up to date for SRBDS mitigation)
    * SRBDS mitigation control is enabled and active:  NO 
    > STATUS:  NOT VULNERABLE  (your CPU vendor reported your CPU model as not vulnerable)
    
    > SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK CVE-2019-11135:OK CVE-2018-12207:OK CVE-2020-0543:OK
    
    Need more detailed information about mitigation options? Use --explain
    A false sense of security is worse than no security at all, see --disclaimer
    GRUB2 Secure Boot Bypass 2021 | Ubuntu
    Last edited by MikeMecanic; 01 Apr 2021 at 07:35.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:26.
Find Us




Windows 10 Forums