根據美國US-Cert所發布的最新漏洞CVE-2012-0217指出. 有心者可以透過CPU本身的設計漏洞, 進而控制整台電腦, 此漏洞危險之處是不限任何作業系統, 並且包含虛擬機器也可以透過攻擊GuestOS來取得Host的權限, 請各系統管理者盡速安裝修補程式
擷取部分來源, 若需觀看全文, 請參考引用來源網址
Overview
Some 64-bit operating systems and virtualization software running on Intel CPU hardware are vulnerable to a local privilege escalation attack. The vulnerability may be exploited for local privilege escalation or a guest-to-host virtual machine escape.
Intel claims that this vulnerability is a software implementation issue, as their processors are functioning as per their documented specifications. However, software that fails to take the Intel-specific SYSRET behavior into account may be vulnerable. |
|