Intel has released a microcode update that patches the issue. This is an example of ethical hacking and responsible disclosure to a vendor. Since this technique is believed to only be exploitable by an attacker who already has root-level access to a system, the best approach is to apply the patch and put detections in place to prevent attackers from getting root access to begin with. Organizations can greatly benefit from using penetration testing services, such as TrustedSec, that are capable of attacking a company’s systems in an effort to find exploitable flaws in a system to suggest fixes to patch those flaws. Also utilizing a managed Endpoint Detection and Response (EDR) system, such as the Binary Defense Security Operations Center, can monitor, detect and defend from attacks such as these by detecting attacker behaviors that appear after the attacker has exploited the system to elevate privileges. Even if the exploitation of a new vulnerability is not detected by traditional security tools, the actions that the attacker takes after gaining access can be detected through advanced techniques, including adversary deception and active defense measures included in advanced EDR software.
Source Article: https://plundervolt.com/, https://cyware.com/news/intel-cpu-flaw-lets-attackers-manipulate-voltage-and-leak-secrets-6a839991