Recently, there was a disclosure by several software companies that there is a hardware flaw in Intel’s 64-bit chips which allows for privilege escalation attacks. I’m not going to delve into too much detail on this one, but want to help provide a few links that will further general understanding on who this vulnerability impacts and why it is important. As far as I can tell, the only operating systems not affected are OpenBSD and most modern Linux (who fixed this in 2006) distributions (the kernel-level patch was included in 126.96.36.199).
If you click that last link, you’ll see a flurry of activity around this vulnerability back in 2006 – several Linux distributions confirm it exists, alongside two major security advisory firms (Vupen and Secunia). I’m not an expert on the vulnerability/disclosure ecosystem, but in hindsight (where vision is always 20/20), it seems fairly obvious that this flaw should be tested on other operating systems and software as well. I really wish I had an answer as to why this vulnerability was not addressed by anyone else. Operating systems affected includes Windows XP, 7, and Server, as well as NetBSD and FreeBSD. Some virtualization/hypervisor solutions such as Xen and Citrix were affected, though interestingly the popular VMware was not, as they did not make any calls using the questionable SYSRET call which is vulnerable.
If you want a slightly more technical explanation of how this bug works, check out Xen’s blog – Xen is an open-source virtualization company whose products were affected (and have since been patched).