Dutch researchers found a new vulnerability in Intel processors which have Hyper-threading enabled.
The vulnerability allows the extraction of crypto keys from other programs running on the same processor by exploiting the processor's translation lookaside buffer (TLB). According to all reports, for this vulnerability to be exploited, direct access to the vulnerable system is required. Access through a direct logon or malware. There are currently no reports of this vulnerability having been exploited in the wild.
At this point, Intel has no plans to release a fix for this vulnerability. If you're interested in the full story you can find it
here.
To find assets on which this vulnerability could potentially be exploited on, you can run the report below. This report displays all assets which have Intel processors with more logical cores than physical cores (indicating the presence of Hyper-Threading).
You can find a guide on how to add this report to your Lansweeper installation
here.
Select Distinct Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Firstseen,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblProcessor.NumberOfCores,
tblProcessor.NumberOfLogicalProcessors,
Case
When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
Then 'hyperthreading enabled'
Else 'hyperthreading disabled'
End As HyperthreadingCheck
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tblProcessor On tblAssets.AssetID = tblProcessor.AssetID
Where Case
When tblProcessor.NumberOfCores < tblProcessor.NumberOfLogicalProcessors
Then 'hyperthreading enabled'
Else 'hyperthreading disabled'
End Like '%enabled%' And tblAssetCustom.State = 1 And
tblProcessor.Manufacturer Like '%Intel%'
Order By tblAssets.Domain,
tblAssets.AssetName