'

​Microsoft: Here's how to limit 'Foreshadow' attack impact

Windows Server admins using Hyper-V have some complicated choices to make about how best to mitigate Foreshadow on Intel hardware.

Microsoft has published guidance for those keen to mitigate the impact of the latest L1 Terminal Fault (L1TF) or 'Foreshadow' speculative execution side channel attacks affecting Intel CPUs.

In some shared resource environments like cloud-computing environments L1TF could allow one virtual machine to improperly access information from another, although Microsoft notes an attacker would need prior access to the system or the ability to run code on the system to leverage this vulnerability.

In a general advisory from Microsoft, the firm has warned that customers using Windows client operating systems with affected Intel processors may need to apply both firmware (Microcode) and software updates, depending on how the system is configured.

Foreshadow is particularly risky in virtual environments and tricky to mitigate, so Microsoft has posted several detailed blogs to help admins who manage Windows Server with Hyper-V hypervisor.

L1TF, which consists of three distinct vulnerabilities, are potentially nasty for shared IT environments and will demand special attention from admins running Windows, Windows Server and Microsoft's Hyper-V hypervisor on machines with affected Intel Core and Xeon processors.

SEE: 17 tips for protecting Windows computers and Macs from ransomware (free PDF)

To recap, the Foreshadow bugs tracked as CVE-2018-3615 affects Intel's Software Guard Extensions (SGX) enclaves, while CVE-2018-3620 affects operating systems and System Management Mode (SMM) memory, while CVE-2018-3646 impacts virtualization.

L1TF allows a virtual machine running on a processor core to see any data in the L1 data cache on that core.

In a technical post aimed at security engineers, Matt Miller from Microsoft's security response center explains that L1TF belongs in the same class of speculative execution attacks as Meltdown and the recently disclosed Lazy FP State Restore bugs. The L1TF bugs however are rated as much more dangerous than Meltdown.

"Unlike Meltdown (CVE-2017-5754) which only affected the kernel-to-user scenario, L1TF is applicable to all intra-device attack scenarios," noted Miller.

L1TF is open to the six other attack scenarios that were possible using the two variants of Spectre, which undermined hardware-based virtualization isolation, process and kernel-user boundaries, and allowed an attacker to read memory inside a secure enclave such as Intel's SGX.

Miller says Microsoft's August patches attempt to address L1TF "as close to the root cause as possible", but also notes that there are multiple mitigations that can be used and in many cases need to be combined.

Those updates on supported versions of the Windows kernel and Hyper-V hypervisor will automatically enforce a method to mitigate two key methods an attacker could use L1TF, related to the way each handle page table entries. However, those mitigations need to be manually enabled on Windows Server.

The other combined mitigation from Microsoft's August patches and Intel's microcode firmware update is to "flush" the L1 data cache when transitioning between security domains.

"Beginning with the August, 2018 Windows security updates, the Hyper-V hypervisor now uses the new L1 data cache flush feature when present to ensure that VM data is removed from the L1 data cache at critical points," explained Miller.

"On Windows Server 2016+ and Windows 10 1607+, the flush occurs when switching virtual processor contexts between VMs. This helps reduce the performance impact of the flush by minimizing the number of times this needs to occur. On previous versions of Windows, the flush occurs prior to executing a VM (e.g. prior to VMENTRY)."

However, this mitigation is complicated by Intel's HyperThreading CPU performance booster, which allows multiple logical processors to execute simultaneously on a physical core. It's possible that the L1 data cache for one core can be "polluted" with data from another security domain after a flush occurs.

SEE: Windows 10 April 2018 Update: An insider's guide (free PDF)

Hyper-V hypervisor on Windows Server 2016 prevents this using a feature called "core scheduler", but it's opt-in in Windows Server 2016, and will be enabled by default in Windows Server 2019.

All earlier versions of Windows Server don't support core scheduler and so it might be necessary to disable HyperThreading or ensure L1 cache flush works correctly, at the expense of the HyperThreading's performance improvements. Admins also need to consider that HyperThreading weakens information protected by Microsoft Virtualization Based Security (VBS).

Microsoft says in a Windows Server support note on L1TF that systems not running Hyper-V and without VBS enabled should not disable HyperThreading. Nor should it be disabled on machines running Windows Server 2016 Hyper V and that do not have VBS enabled.

"Customers who want to eliminate the risk that the L1TF vulnerability poses to the confidentiality of Hyper-V versions earlier than Windows Server 2016 or the risk to VBS security capabilities must weigh the decision and consider disabling HyperThreading to mitigate the risk," Microsoft says.

Microsoft's answer to L1TF for Hyper-V on its Azure cloud platform is HyperClear, which it claims has "relatively negligible performance impact". HyperClear consists of core scheduler, virtual-processor address space isolation, and sensitive data scrubbing.

An Intel spokesperson told ZDNet in a statement: "L1 Terminal Fault is addressed by microcode updates released earlier this year, coupled with corresponding updates to operating system and hypervisor software that are available starting today. We've provided more information on our web site and continue to encourage everyone to keep their systems up to date, as its one of the best ways to stay protected. We'd like to extend our thanks to the researchers at imec-DistriNet, KU Leuven, Technion- Israel Institute of Technology, University of Michigan, University of Adelaide and Data61 and our industry partners for their collaboration in helping us identify and address this issue."

READ MORE ON SECURITY