Load Value Injection / CVE-2020-0551 / INTEL-SA-00334
Currently there are no known exploit vectors, beyond a theoretical proof of concept. Like previous speculative execution vulnerabilities such as Spectre and Meltdown these types of attacks cannot be used to compromise a computer system by themselves. Additionally, Intel has performed deep analysis and states LVI attacks are not practical in real-world environments.
Local system access is required to exploit vulnerabilities such as LVI, Spectre, Meltdown, and related variants. An attacker would need to gain access to the operating system either directly or by convincing an unsuspecting user to execute malicious code that is capable of evading security controls.
Security experts including SANS have concluded the systems at highest risk are multi-user multi-tenant operating systems such as hypervisor and cloud infrastructures.
- Digitally signed software
- McAfee whitelisting protection embedded into office devices
- Onboard software verification
We will continue to monitor the situation and act accordingly to protect our provisions of products to you both now and in the future.
Always consult with your IT department as appropriate.