[News] Indiscriminate attack: Intel CPU bugs will lead to remote code execution attacks!

This is a weakness caused by bugs in Intel CPUs!
It may be used to carry out remote attacks, and the affected operating systems are "any".

For details please see
http://antimalicious.blogspot.com/2008/07/intel-cpu-bug.html
Quote:
Presentation Title: Remote Code Execution Through Intel CPU Bugs
Presentation Abstract:

According to the Intel Specification Updates, Intel Core 2 has 128 confirmed bugs. Intel Itanium (designed for critical systems) looks more "promising", carrying over 230 bugs. They have all been confirmed by Intel and described in the errata section of their specification updates. Some bugs "just" crash the system (under quite rare conditions) while the others give the attackers full control over the machine. In other words, Intel CPUs have exploitable bugs which are vulnerable to both local and remote attacks, which work against any OS regardless of the patches applied or the applications which are running.

Although CPU bugs are not something new in the security industry, nobody has come out with any proof-of-concept exploits and, as it stands, there is no known malware that takes advantage of these bugs, although some malware writers have actually used CPU bugs for targeted attacks. It is just a matter of time before we start seeing these sorts of attacks used in more devastating ways over the Internet. Intel has provided workarounds to major BIOS vendors for some of these bugs, but who knows which vendor actually uses them? End-users are in the dark as to how to check if they are secure or not. Intel doesn't provide any test program for this and the worst thing is - some bugs are still not fixed. In other words, Intel has no workaround for them.

In this presentation, I will share with the participants the findings of my CPU malware detection research, which was funded by Endeavor Security. I will also present to the participants my improved POC code and will show participants how it's possible to make an attack via JavaScript code or just TCP/IP packet storms against Intel-based machines. Some of the bugs that will be shown are exploitable via common instruction sequences and, by knowing the mechanics behind certain JIT Java compilers, attackers can force the compiler to do what they want (for example: short nested loops lead to system crashes on many CPUs). I will also share with the participants my experience in data recovery and how CPU bugs have actually contributed to damaging our hard drives without our knowledge.

About Kris

Kris Kaspersky has over 15 years of software engineering and reverse engineering experience in CD/DVD protections, PE/ELF packers/protectors, CD/DVD copiers, audio/video codecs (MPEG 1/MPEG 2/MPEG 4), data flow optimization, CPU-specific optimization, compiler-specific optimization, debugging code and much more. As an independent consultant and technical writer, Kris has been an active researcher in the field of reverse engineering and has pretty much dedicated his daily life to mastering the art. He possesses a deep knowledge of OS internals and low-level ASM. He also writes for Xakep magazine and has published more than 20 books about system programming. The titles of his English publications are below:

* Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (ISBN: 1931769222);
* Hacker Disassembling Uncovered: Second Edition, totally rewritten (ISBN-10: 1931769648);
* CD Cracking Uncovered: Protection Against Unsanctioned CD Copying (ISBN-10: 1931769338);
* Data Recovery: Tips and Solutions: Windows, Linux, and BSD (ISBN-10: 1931769567);
* Code Optimization: Effective Memory Usage (ISBN-10: 1931769249);
* Shellcoder's Programming Uncovered (ISBN-10: 193176946X);
* Hacker Debugging Uncovered (ISBN-10: 1931769400)
Lawliet's blog
Folding@home with GPGPU discussion thread, let's all work together towards the goal of global domination!
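The quoted abstract points out that end users have no way to tell which errata apply to their machine. The first step of such a check is the CPUID signature (family, model, stepping), which is the key that Intel's specification updates use in their errata tables. The following C program is an added example and is not code from the original post or from the talk: it reads CPUID leaves 0 and 1 through GCC/Clang inline assembly (assumed toolchain; x86 only) and decodes the signature using Intel's documented extended-family/extended-model rules. The signature and vendor values mentioned in the comments are constructed test inputs; which erratum applies to which stepping still has to be read from the relevant specification update.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The fields that Intel specification updates key their errata tables on
 * (the "CPUID signature" column: DisplayFamily / DisplayModel / Stepping). */
typedef struct {
    unsigned family;
    unsigned model;
    unsigned stepping;
} cpu_sig;

/* Decode CPUID leaf 1 EAX into display family/model/stepping. Per Intel's
 * CPUID documentation the extended-family byte is only added for family 0xF,
 * and the extended-model nibble is only prepended for families 0x6 and 0xF.
 * Example (constructed input): 0x10676 -> family 6, model 0x17, stepping 6. */
cpu_sig decode_signature(uint32_t eax)
{
    cpu_sig s;
    unsigned family     = (eax >> 8) & 0xF;
    unsigned model      = (eax >> 4) & 0xF;
    unsigned ext_model  = (eax >> 16) & 0xF;
    unsigned ext_family = (eax >> 20) & 0xFF;

    s.stepping = eax & 0xF;
    s.family   = (family == 0xF) ? family + ext_family : family;
    s.model    = (family == 0x6 || family == 0xF) ? (ext_model << 4) | model : model;
    return s;
}

/* CPUID leaf 0 returns the 12-byte vendor string spread across EBX, EDX, ECX
 * (in that order). Return 1 if it spells "GenuineIntel", i.e. the Intel errata
 * tables apply at all. Assumes a little-endian host, which x86 is. */
int is_genuine_intel(uint32_t ebx, uint32_t edx, uint32_t ecx)
{
    char vendor[13];
    memcpy(vendor, &ebx, 4);
    memcpy(vendor + 4, &edx, 4);
    memcpy(vendor + 8, &ecx, 4);
    vendor[12] = '\0';
    return strcmp(vendor, "GenuineIntel") == 0;
}

#if defined(__x86_64__) || defined(__i386__)
/* GCC/Clang inline assembly wrapper for the CPUID instruction (assumed toolchain). */
static void cpuid(uint32_t leaf, uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    __asm__ volatile("cpuid"
                     : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d)
                     : "a"(leaf), "c"(0));
}
#endif

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint32_t a, b, c, d;

    cpuid(0, &a, &b, &c, &d);
    if (!is_genuine_intel(b, d, c)) {
        puts("Not an Intel CPU; the Intel specification update errata do not apply.");
        return 0;
    }

    cpuid(1, &a, &b, &c, &d);
    cpu_sig s = decode_signature(a);
    printf("CPUID(1).EAX = 0x%08x -> family 0x%x, model 0x%02x, stepping %u\n",
           a, s.family, s.model, s.stepping);
    puts("Look this signature up in the errata table of the specification update "
         "for your processor family; on recent Linux kernels the loaded microcode "
         "revision is shown in the 'microcode' field of /proc/cpuinfo.");
    return 0;
#else
    fputs("CPUID is only available on x86 processors.\n", stderr);
    return 1;
#endif
}
```

Compile with `gcc -O2 cpuid_sig.c -o cpuid_sig` and run it on the machine in question; the printed family/model/stepping triple is what the errata tables in the specification update are indexed by, and the microcode revision tells you whether a BIOS-delivered microcode workaround has actually been loaded.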

Reply to post #1

I heard the vulnerability can be patched through the BIOS~
