Working Windows and Linux Spectre exploits found on VirusTotal

Working Windows and Linux Spectre exploits found on VirusTotal

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal.

The vulnerability was unveiled as a hardware bug in January 2018 by Google Project Zero researchers.

If successfully exploited on vulnerable systems, it can be used by attackers to steal sensitive data, including passwords, documents, and any other data available in privileged memory.

Spectre (CVE-2017-5753) side-channel attacks impact many modern processor models with support for speculative execution and branch prediction made by Intel, AMD, and ARM.

As Google found, Spectre also affects major operating systems, including Windows, Linux, macOS, Android, and ChromeOS.

Since its discovery, the hardware bug has received firmware patches and software fixes from all major processor and OS vendors.

Spectre exploit leaked on VirustTotal

Voisin found the two working Linux and Windows exploits on the online VirusTotal malware analysis platform.

Unprivileged users can use the exploits to dump LM/NT hashes on Windows systems and the Linux /etc/shadow file from the targeted devices' kernel memory.

The exploit also allows dumping Kerberos tickets that can be used w ..