Intel CPU Privilege Escalation Exploit 242
Eukariote writes "A paper and exploit code detailing a privilege escalation attack on Intel CPUs has just been published. The vulnerability, uncovered by security researchers Joanna Rutkowska (of Blue Pill fame), Rafal Wojtczuk, and, independently, Loic Duflot, makes use of Intel's System Management Mode (SMM). Quote: "The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM." The implications of this exploit are severe."
Ouch (Score:5, Funny)
CD Boot (Score:5, Funny)
Haven't these guys ever booted from a CD?
But more importantly... (Score:5, Funny)
Easy workaround (Score:5, Funny)
Run all code on a 286 or below.
Re:CD Boot (Score:5, Funny)
Re:But more importantly... (Score:2, Funny)
Let's go retro (Score:2, Funny)
Re:But more importantly... (Score:5, Funny)
This [amazonaws.com] is an even better picture. But it's not Joanna.
Re:Easy workaround (Score:3, Funny)
Your lulz make my Sparcstation weep....
Re:Apple (Score:2, Funny)
Does this mean Apples are vulnerable?
No. Macs are imperious to rootkits. Now check out this super cool beta version of Safari [tinyurl.com]:
Re:Ouch (Score:5, Funny)
Re:CD Boot (Score:2, Funny)
I'll reserve my judgement on this until I read more from someone that owns a clue.
I assume you meant "powns a clue".
Re:Ring of Fire (Score:3, Funny)
Re:Ring of Fire (Score:1, Funny)
No-one is going to running in my ring 0 unless they pay a million or two
Re:Ouch (Score:5, Funny)
I was on the apple bricking patch for a while, it really helped me quit apple bricking.
Re:But more importantly... (Score:2, Funny)
Ahem.
http://xkcd.com/322/
Re:Inexcusable (Score:3, Funny)
Hard real time is a world in which stuff is expected to actually work every time.
So instead of "real time kernel" it should be called "every time kernel" :-)
Re:Bring back burning at the stake! (Score:4, Funny)
I for one would like to welcome our new flaming devil overlords