Sunday, August 19, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Amazon to Release Live TV Recorder
U.S. Wants to Wiretap Facebook Messenger, Report Says
More Affordable, 13-inch MacBook and $160 AirPower Expected at Apple's Event
Google to Launch Its Own Smart Display, Report Says
Nvidia Reports Record Revenue From Datacenter, Gaming, Professional Visualization, Automotive
Arm Client CPU Roadmap Includes Advanced Hercules and Deimos Chips
Google To Release Lightweight Version of Android Pie for Entry-level Smartphones
Japan Accuses Apple of Pressuring Game Rivals: Nikkei
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > PC Parts > AMD to ...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, March 20, 2018
AMD to Fix 13 processors Vulnerabilities Reported by CTS Labs Research


AMD has released the first update regarding the security vulnerabilities involving some AMD products reported by CTS Labs, and the first updates are coming in the following weeks.

The security issues identified by the third-party researchers are not related to the AMD Zen CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. These issues are associated with the firmware managing the embedded security control processor in some of AMD products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

AMD has completed its assessment and is in the process of developing and staging the deployment of mitigations. All the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues.

The security issues identified are grouped into three major categories. The table below describes the categories, the AMD assessment of impact, and planned actions:

Vulnerability Groups

Problem Description & Method of Exploitation

Potential Impact

Planned AMD Mitigation

MASTERKEY

and

PSP Privilege Escalation

(AMD Secure Processor or "PSP"firmware)

Issue: Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption.

 

Method: Attacker requires Administrative access

Attacker can circumvent platform security controls. These changes are persistent following a system reboot.

Firmware patch release through BIOS update. No performance impact is expected.

 

AMD is working on PSP firmware updates that we plan to release in the coming weeks.

 

RYZENFALL and FALLOUT

 

(AMD Secure Processor firmware)

 

Issue: Attacker who already has compromised the security of a system writes to AMD Secure Processor registers to exploit vulnerabilities in the interface between x86 and AMD Secure Processor (PSP).

 

Method: Attacker requires Administrative access.

 

Attacker can circumvent platform security controls but is not persistent across reboots.

 

Attacker may install difficult to detect malware in SMM (x86).

 

Firmware patch release through BIOS update. No performance impact is expected.

 

AMD is working on PSP firmware updates that we plan to release in the coming weeks.

Promotory
Chipset

CHIMERA

"Promontory"chipset used in many socket AM4 desktop and socket TR4 high-end desktop (HEDT) platforms.

AMD EPYC server platforms, EPYC and Ryzen Embedded platforms, and AMD Ryzen Mobile FP5 platforms do not use the "Promontory"chipset.

Issue: Attacker who already has compromised the security of a system installs a malicious driver that exposes certain Promontory functions.

 

Method: Attacker requires Administrative access.

Attacker accesses physical memory through the chipset.

 

Attacker installs difficult to detect malware in the chipset but is not persistent across reboots.

Mitigating patches released through BIOS update. No performance impact is expected.

 

AMD is working with the third-party provider that designed and manufactured the "Promontory"chipset on appropriate mitigations.

Mark Papermaster, Senior Vice President and Chief Technology Officer at AMD, promised to provide additional updates on both the company's analysis of these issues and the related mitigation plans in the coming weeks.



Previous
Next
Facebook to Respond to FTC Questions Over Cambridge Analytica Case        All News        Microsoft Announces Project Denali SSD For Cloud-scale Applications
Intel and Facebook Unveil Next Generation OCP Twin Lakes 1S Server     PC Parts News      Microsoft Announces Project Denali SSD For Cloud-scale Applications

Get RSS feed Easy Print E-Mail this Message

Related News
AMD Says New 2nd Generation, 32-core AMD Ryzen Threadripper Processors Break Boundaries of High-End Desktop Market
AMD Radeon Pro WX 8200 Delivers High Workstation Graphics Performance for Under $1,000
AMD 2nd Gen Threadripper 2990WX AND 2950X Available for Pre-order
New AMD Semi-Custom SOC Combines AMD Ryzen CPU and AMD Vega GPU for Gamers in China
AMD Unveils B450 Chipset-based Motherboards
AMD Reports High Quarterly Profit on New EPYC and Ryzen Sales
AMD's 7nm Processors to Compete With Intel's 10nm Chips
AMD Presents Modular Routing Design for Chiplet-based Systems
Benchmarks With the 32-core AMD Threadripper Appear Online
AMD Updates 3rd Generation Embedded G-Series SoC J Family
Computex: AMD to Launch 32-core Threadripper 2 this Year, Vega 7nm in the Works
AMD Ryzen 3 2300X And Ryzen 5 2500X Processor Details Leaked

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .