Archive for March 2009

ITL announces a new attack against a major flaw affecting all newer Intel chipsets

The attack allows privilege escalation from Ring 0 to SMM on many recent motherboards with Intel CPUs. When tied to a rootkit, this particular exploit can hide itself in the SMM space. While we are all concerned about a probable hypervisor exploit, SMM attacks work at an even deeper hardware level of abstraction, as SMM is more privileged than a hypervisor. The operating system cannot disable or ignore SMI calls. To disable SMM one has to disassemble the firmware physically. Since an SMI takes precedence over any OS call, an SMM rootkit is extremely stealthy. Rafal Wojtczuk released the paper explaining the exploit and the code. Now somebody has to integrate it with a hypervisor rootkit like Blue Pill or GMER.

The paper and the code can be found at:

http://sanjaysays.com/__oneclick_uploads/2009/03/smm_cache_fun1.pdf

Report Card for Cisco’s press release on Unified Computing Platform

Technical details: F
Support for Microsoft Hyper-V: F
Support for VMware: A
Support for XenServer: B
SMB usefulness: F
Green Field applicability: A
Forklift upgrade needed: A
320 blades per managed entity: A
640 sockets (2560 cores): A
192GB RAM/blade (60TB): A
