Positive Technologies, a vulnerability assessment, compliance management and threat analysis solutions company, announced this week that it's discovered
yet another undocumented feature in Intel's chipsets, after previously stumbling upon an undocumented mode developed by Intel
specifically for the NSA. The feature, Intel Visualization of Internal Signals Architecture (VISA), could allow attackers to gain the lowest-levels of access to Intel CPUs and any data being processed by those
CPUs.
The good news is that the feature is disabled by default (unlike Intel ME, which is enabled by default on most Intel-based machines), so attackers can't exploit VISA without first finding a way to enable it. However, according to the researchers, Apple mistakenly shipped some laptops with VISA enabled by default, so chances are that other laptop manufacturers did the same.
The bad news is that the Positive Technologies researchers found a way to disable VISA using an older Intel ME vulnerability. Intel released a firmware patch that fixes that vulnerability back in 2017, but unless your laptop maker or motherboard maker has sent your the updated firmware and you updated your system with it, your PC will remain vulnerable. This bug can't be fixed through operating system updates.
The silver lining is that if an attacker can exploit your system through the existing Intel ME vulnerability, then there they can't do much worse by also gaining access to VISA. However, if in the future attackers find another way to enable VISA, even on systems with patched Intel ME firmware, that could indeed expose PC users to new dangers.
The researchers said that they have found three other ways to enable VISA themselves, which they will reveal in a presentation slide on the
Black Hat site in a few days. The researchers already presented this information at the Black Hat Asia 2019 cybersecurity conference, which started on March 26 and ends today.
