New security vulnerability uncovered in old Intel x86 chipsets

A new security vulnerability has been discovered by a security researcher inside all processors released by Intel between 1997 and 2010. The exploit can allow an intruder to take control of a PC and infect the machine, even after the victim wipes the hard drive and reinstalls the operating system.Intel processors are displayed at a store in Seoul June 21, 2012 (Reuters/Choi Dae-woong)

Security researcher Chris Domas has uncovered a new design flaw in the x86 architecture-based Intel processors manufactured before Sandy Bridge. At the Black Hat security conference, Domas disclosed the vulnerability, which hackers can exploit by installing a rootkit in the processors System Management Mode (SMM). Domas demonstrated how hackers could bypass the security measures built into the older Intel CPUs by launching a carefully crafted attack, and also released a proof-of-concept code for the attack.

Such type of firmware-level attack cannot be detected by antivirus software and be removed by reformatting the hard drive, or even by reinstalling the computer's operating system. This leaves little option for victims whose machines are infected apart from checking the firmware code for anything malicious. The good news is that the vulnerability does not pose an immediate threat, as any attacker will require kernel or system access to the machine, in order to install the rootkit vulnerability. But if an attacker does manage to acquire the low-level OS access, then it could be tough or nearly impossible to fix the vulnerability. According to Domas, "the vulnerability [is] extremely difficult, but not impossible, to apply in practice."

Intel is aware of the vulnerability and has corrected the issues in its latest CPUs, and is also seeding out firmware updates for the older processors. But Domas has warned that Intel will be unable to fix all of its older CPUs. Domas has also said that as of now, the exploit has been tested only on x86-based Intel processors, but it is possible for the same vulnerability to exist on AMD's x86 processors.