To mitigate this issue, please consider disabling special register read operations for Spectre v2 mitigation. Intel has released software updates for the impacted processors. For more information, including software updates for these processors, please refer to https://support.intel.com/community/processors/eng/security/spectre.
In addition, system administrators are advised to consider disabling privileged instructions that allow access to specific registers.
On systems using Intel(R) Turbo Boost Technology, users may experience reduced performance when TDP constrained devices are applied due to a regression in the handling of the CPUID with v2 erratum. On systems using Intel(R) Hyper-threading Technology, disabling Hyper-threading may cause applications to experience reduced performance due to a regression in the handling of the CPUID with v2 erratum.
In some cases, this issue may be mitigated by disabling virtualization.
Various Microsoft products are vulnerable to an unauthenticated remote code execution vulnerability, which could allow hackers to take control of devices. A potential workaround for this issue is to update your Windows software.
Microsoft has released a patch for this vulnerability, which may be applied by system administrators.
On 24 October 2018, Google researchers reported a critical flaw in Broadcom’s Wi-Fi chipset. They found that by using a fake access point, an attacker could take remote control of a targeted device
Microsoft Windows OS
A critical vulnerability in Google’s Chrome browser is also targeting Microsoft Windows OS. It was found that malicious websites could exploit the flaw to gain remote access to systems running this OS.
Google Wi-Fi Bypass Vulnerability
This is a critical vulnerability that allows attackers to take remote control of targeted devices. Google has confirmed the existence of this vulnerability and reported that millions of devices could be vulnerable. The problem exists because Broadcom’s Wi-Fi chipset does not sufficiently validate the authenticity of access points before allowing clients to connect to them. This vulnerability only affects devices with Broadcom’s Wi-Fi chip and not products from other manufacturers.
To mitigate this issue, please consider disabling special register read operations for Spectre v2 mitigation. Intel has released software updates for the impacted processors. For more information, including software updates for these processors, please refer to https://support.intel.com/community/processors/eng/security/spectre.
In addition, system administrators are advised to consider disabling privileged instructions that allow access to specific registers.
Google Chrome and Broadcom Wi-Fi Chipset
At Google, we take security very seriously. In this case, the vulnerability was promptly reported to Broadcom. They updated key software components to fix the vulnerability and released a firmware update on 11 November 2018 that resolves the issue.
However, there is no guarantee that other Wi-Fi devices are not also affected by this issue.
On 24 October 2018, Google researchers reported a critical flaw in Broadcom’s Wi-Fi chipset. They found that by using a fake access point, an attacker could take remote control of a targeted device. This is just one of many vulnerabilities found in modern computing hardware that require changes to be made at the firmware level in order to close loopholes and make devices more secure again. The last thing you want as a system administrator or user is to have your device compromised with an exploit like this because it requires physical access to your device for exploitation. It's best practice for any modern computing device such as laptops or desktops (and smart phones) to only allow legitimate users access before connecting them to an unsecured wireless network or open Wi-Fi hotspot.
Microsoft Edge
Microsoft Edge is not at risk of exploitation by this vulnerability.
Timeline
Published on: 06/15/2022 20:15:00 UTC
Last modified on: 07/07/2022 11:15:00 UTC
References
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html
- http://www.openwall.com/lists/oss-security/2022/06/16/1
- https://security.netapp.com/advisory/ntap-20220624-0008/
- https://www.debian.org/security/2022/dsa-5178
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21127