Ring3 Attackers: 64-bit Privilege Escalation Vulnerability on Intel CPU Hardware

Overview

Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.

Description

A ring3 attacker may be able to specifically craft a stack frame to be executed by ring0 (kernel) after a general protection exception (#GP). The fault will be handled before the stack switch, which means the exception handler will be run at ring0 with an attacker’s chosen RSP causing a privilege escalation.

Find out more about this story at US-CERT: www.kb.cert.org/vuls/id/649219

 

You may want to consider purchasing Malwarebytes’ Anti-Malware to protect against these types of threats.