- This new update will patch the bug present in SGX which exposed admin privileges in the software.
- Intel described the bug as ‘improper file verification’, which can allow malware to take complete control over the affected system.
Software Guard Extensions (SGX), Intel’s trademark technology that protects application data from being misused, was recently hit with a new vulnerability. Tracked as CVE-2018-18098, the security issue concerns admin privileges that can be manipulated by threats such as malware.
Security researcher SaifAllah benMassaoud discovered this vulnerability. He explained that the flaw can be exploited using a .bat file inserted as an attachment in an email. When the user downloads and runs this file, it can tweak and manipulate admin privileges on the user’s machine.
“Once the file is opened by the victim who uses the affected software, it will automatically download and execute a malicious code from attacker's server to the vulnerable setup version of Intel SGX SDK and Platform Software on the victim's machine,” benMassaoud told The Register.
SGX software may be the culprit
The Register also indicated that the vulnerability may lie in the SGX software itself. “The problem lies not within the processor's SGX hardware, though, but in the software layer above it. When enclave code is installed by a normal user on a Windows system, it is possible to hijack the installer, via a process injection attack, to gain admin rights on the box.”
Enclaves form the protected areas where processes store critical application data. Feeding malicious code into these areas can alter the way the software is intended to run. In the case of CVE-2018-18098, it leads to an escalation of admin privileges and information disclosure to threat actors.