Researchers at U-M were part of a group that discovered a new processor vulnerability that could potentially put secure information at risk in any Intel-based PC manufactured since 2008. It could affect users who rely on a digital lockbox feature known as Intel Software Guard Extensions, or SGX, as well as those who utilize common cloud-based services, a new report says.
The group found the security hole, called Foreshadow, in January and informed Intel. That led Intel to discover its broader potential in the cloud. This second variant, Foreshadow-NG, targets Intel-based virtualization environments that cloud computing providers like Amazon and Microsoft use to create thousands of virtual PCs on a single large server.
The flaw is similar to Spectre and Meltdown, the hardware-based attacks that shook the computer security world in early 2018. Intel has released software and microcode updates to protect against both varieties of attack.
Read the Foreshadow notice on the Safe Computing site for additional information and resources.