A structural flaw in Intel x86-architecture processors, dating back some two decades, could allow a rootkit to be installed in a computer's low-level firmware. This type of malware gives an attacker persistent access to a computer with superuser privileges while actively hiding its presence from administrators by embedding itself in core operating system files or other applications.
The specific flaw, found in a feature introduced in the x86 architecture in 1997, was disclosed last Thursday at the Black Hat conference by Christopher Domas, a security researcher at the Battelle Memorial Institute.
The researcher showed that by successfully exploiting the vulnerability, attackers can install rootkits in the processor's SMM (System Management Mode), a protected region of code that governs all of the firmware security features in modern computers.
Once installed, the rootkit could be used for destructive attacks, such as wiping the UEFI (Unified Extensible Firmware Interface), the modern successor to the BIOS, or even re-infecting the operating system despite attempts to reformat the machine.
According to Domas, Intel is aware of this particular issue and has mitigated it in its latest processors. The company has released several firmware updates for older processors, but not all of them can be fixed, the researcher says.
To successfully exploit the vulnerability and install the rootkit, attackers must already have obtained kernel or administrator privileges. This means the flaw cannot be used on its own to breach a system, but it could make an existing malware infection extremely persistent and completely invisible.
Domas demonstrated successful exploitation on Intel processors, but noted that AMD's x86 processors are theoretically vulnerable as well.