Invisible Things Lab, which specializes in system-level security, yesterday issued the results of research describing how flaws in Intel’s Trusted Execution Technology (whose function is to provide a mechanism for safe loading of system software and to protect sensitive files) can be used to compromise the integrity of software loaded via an Intel TXT-based loader in a generic way, fully circumventing any protection TXT is supposed to provide.
The attack exploits an implementation error in the so-called SINIT Authenticated Code modules that could potentially allow a malicious attacker to elevate their privileges.
Intel Trusted Execution Technology (TXT) is currently part of the Intel vPro brand and is a key component of Intel’s Safer Computing Initiative. Intel TXT comprises a set of extensions to the CPU and to the chipset, and also makes extensive use of the Trusted Platform Module 1.2 (TPM).
The researchers informed Intel about the SINIT implementation error, together with a description of how it could be exploited. Intel confirmed the vulnerability shortly afterwards, and the researchers agreed to withhold publication of the paper describing the attack until Intel fixes the problem and publishes updated SINIT modules and a security advisory.
Products affected by the vulnerability are systems with Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets.
To get more details about this proof-of-concept attack, go here.