A new design flaw has been unraveled in the x86 architecture based Intel processors which were produced prior to Sandy Bridge, between 1997 and 2010. Security researcher Chris Domas disclosed the vulnerability at the Black Hat security conference, which apparently allows hackers to install a rootkit in the processors System Management Mode (SMM).
SMM essentially is a protected region of code, which forms the core element of all the firmware related security features in most modern day computers. Hence, once the rootkit has been installed, it could be used for potentially hazardous attacks like killing the entire UEFI (Unified Extensible Firmware Interface), the BIOS architecture and can be used to re-infect the OS even after performing a clean install. Hence, the attacker can have total control over a user’s computer, even if one re-installs the OS several times.
Meanwhile, Domas suggests that Intel is aware of the issue and has rectified it with kits latest CPUs. The chipmaker is also seeding out firmware updates for these older processors, though all of them cannot be fixed, he added. For now, the exploit has only been tested on x86 based Intel CPUs, though Domas suggests that x86 processors made by AMD in theory, should be affected by the same exploit.
However, there’s no immediate or direct threat from the vulnerability, as attackers would need kernel or system access on a computer to install the rootkit vulnerability. Though what it can do is make the vulnerability rather difficult or impossible to fix should an attacker get this low-level OS access. Even if BIOS/UEFI updates are made available by manufacturers, the likelihood of its adoption rate are fairly less as manufacturer support for a product that is, for the most part, outdated, would be rather negligible.