Microsoft Touts HyperClear Protection Against RETbleed and Other New Side-Channel Attacks

Microsoft announced on Tuesday that its HyperClear technology used with its Hyper-V hypervisor offers protections against new speculative execution side-channel attack methods that were disclosed last week by AMD and Intel.

There are four Common Vulnerabilities and Exposures (CVE) identifiers for these new side-channel attack methods, which were characterized as being "very similar to the Spectre (variant 2) side channel attack" methods described in "early 2018," per Microsoft's announcement.

New Side-Channel Vulnerabilities
Here are those four vulnerabilities, which were largely unearthed by researchers at ETH Zurich:

  • CVE-2022-23825 for Branch Type Confusion
  • CVE-2022-29900 for "RETbleed" attacks
  • CVE-2022-29901 for Return Stack Buffer Underflow (RSBA) attacks, and
  • CVE-2022-28693 for Restricted Return Stack Buffer Underflow (RRSBA) attacks.

The Branch Type Confusion issue can be leveraged by attackers "to predict the wrong branch type, potentially leading to information disclosure," AMD explained.

The RETbleed issue relies on "mistrained branch predictions" to carry out "arbitrary speculative code execution," AMD indicated.

The Return Stack Buffer, which "provides predictions for RET instructions," can sometimes underflow, and this "could cause a RET instruction in the kernel to predict a target chosen by user-mode software," Intel explained. RET is the assembly-language instruction for "return from procedure."
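To make Intel's description concrete, here is a toy model of a return-stack predictor, written for this article as an added illustration; it is not code from the article, from Intel or AMD, or from Microsoft's HyperClear. The RSB depth of 16, the single "alternate" fallback predictor, and the fill-on-transition mitigation are simplifying assumptions of the model, not measurements of any real processor. It shows why executing more RETs than CALLs since the last known RSB state lets the fallback predictor (which less-privileged code was able to train) supply the prediction, and how refilling the buffer with benign entries on a privilege transition removes that path.

```python
"""Toy model of a Return Stack Buffer (RSB) predictor and RSB underflow.

Assumptions of this model (not properties of any specific CPU):
  * the RSB is a circular buffer of RSB_DEPTH entries, oldest overwritten first;
  * when the RSB is empty, a RET prediction falls back to a single "alternate"
    predictor that earlier (possibly less-privileged) code was able to train;
  * the mitigation modeled is "RSB filling": stuffing the buffer with a
    known-benign target when entering the kernel.
"""
from collections import deque

RSB_DEPTH = 16  # assumed depth for this model; real parts vary


class ReturnPredictor:
    def __init__(self, depth=RSB_DEPTH):
        self.depth = depth
        self.rsb = deque(maxlen=depth)   # circular: append on full drops the oldest
        self.alternate = None            # what the fallback predictor would guess
        self.underflows = 0

    def call(self, return_address):
        """A CALL pushes its return address onto the RSB."""
        self.rsb.append(return_address)

    def train_alternate(self, target):
        """Model the fallback predictor having been trained to some target."""
        self.alternate = target

    def predict_ret(self):
        """Predict a RET: pop the RSB; if it is empty (underflow), fall back."""
        if self.rsb:
            return self.rsb.pop(), "rsb"
        self.underflows += 1
        return self.alternate, "alternate"

    def fill(self, benign_target):
        """RSB-filling mitigation: overwrite every entry with a benign target so a
        later RET can only underflow into something the kernel chose."""
        self.rsb.clear()
        for _ in range(self.depth):
            self.rsb.append(benign_target)


def simulate(n_calls, n_rets, mitigate):
    """Run one kernel entry that executes n_calls CALLs and then n_rets RETs.

    Returns the count of underflows and the list of (target, source) predictions
    in the order the RETs were predicted.
    """
    p = ReturnPredictor()
    # 1. Before the transition, less-privileged code trained the fallback
    #    predictor to a target of its choosing (constructed label).
    p.train_alternate("user_chosen_target")
    # 2. Privilege transition into the kernel, optionally with RSB filling.
    if mitigate:
        p.fill("kernel_safe_stub")
    # 3. Kernel code calls n_calls deep, then returns n_rets times. When
    #    n_rets > n_calls (e.g. returning through frames that predate the
    #    transition), the extra RETs have no matching RSB entry.
    for i in range(n_calls):
        p.call(f"kernel_ret_{i}")
    predictions = [p.predict_ret() for _ in range(n_rets)]
    return {"underflows": p.underflows, "predictions": predictions}


if __name__ == "__main__":
    for mitigate in (False, True):
        result = simulate(n_calls=4, n_rets=8, mitigate=mitigate)
        print(f"mitigated={mitigate}: underflows={result['underflows']}, "
              f"last prediction={result['predictions'][-1]}")
```

In the unmitigated run the first four RETs are predicted correctly from the RSB, and the remaining four underflow and take the fallback predictor's trained target; with the buffer filled on entry, the same four extra RETs predict the kernel's benign stub instead. Real mitigations for these CVEs (the vendor advisories and the HyperClear write-up cover them) are more involved than this single fill step, but the underflow-into-fallback path is the mechanism they are closing.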

The AMD and Intel advisories listed the affected processors, which range across CPUs used for desktop machines, graphics cards, mobile devices and servers.

Intel's announcement rated the vulnerabilities at "4.7" or "Medium" in severity.

HyperClear Mitigations
Organizations using Microsoft's HyperClear technology with Hyper-V already have mitigations in place for these four newly disclosed speculative execution attack methods, Microsoft's announcement contended. Microsoft had applied minor changes to HyperClear in 2019 to protect against Meltdown and Spectre, and it did not need any major updates to HyperClear to protect against the four newly disclosed vulnerabilities.

"I'm happy to share that once again, no significant HyperClear updates were needed to mitigate these new vulnerabilities and help protect our customers," stated Bruce Sherwin of Microsoft's Hyper-V development team, in the announcement.

HyperClear technology was first added to Windows Server 2016, and was described as offering a "comprehensive mitigation" for a speculative execution side-channel attack method called "L1 Terminal Fault" (CVE-2018-3646), according to a Microsoft document describing the feature.

Meltdown and Spectre
Speculative execution is a technique chipmakers use to speed up processor performance. The processor executes a program's likely next steps in advance, before it knows for certain that they will be needed, and this includes code running within an operating system's kernel.

In early 2018, hardware and software industry participants described various "side-channel" attack methods for tapping into the speculative execution process and stealing information. These attack methods were dubbed "Meltdown" and "Spectre" by security researchers at the time. The disclosures led to widespread hardware and software revamps by industry players to address the issues.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
