Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

AMD will release the patches for the recently discovered flaws very soon

AMD concluded its investigation on the vulnerabilities recently discovered by CTS Labs and announced that security patches will be released very soon. AMD has finally acknowledged 13 critical vulnerabilities and exploitable backdoors in its Ryzen and EPYC processors that were first disclosed earlier March by the researchers at the security firm CTS Labs. The CTS […]

amd SEV

AMD concluded its investigation on the vulnerabilities recently discovered by CTS Labs and announced that security patches will be released very soon.

AMD has finally acknowledged 13 critical vulnerabilities and exploitable backdoors in its Ryzen and EPYC processors that were first disclosed earlier March by the researchers at the security firm CTS Labs.

The CTS Labs researchers did not disclose any technical details about the vulnerabilities to avoid abuses in the wild.

The vendor plans to roll out firmware updates in the incoming weeks to address the flaws affecting millions of devices worldwide.

The flaws could be potentially exploited to steal sensitive data, install malicious code on AMD-based systems, and gain full access to the compromised systems. The flaws expose servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors to attacks.

CTS-Labs promptly reported the flaws to AMD, Microsoft and “a small number of companies that could produce patches and mitigations.”

The analysis conducted by the security experts revealed four classes (RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY) of vulnerabilities affecting the AMD Zen architecture processors and chipsets that usually contain sensitive information such as passwords and encryption keys.

The flaw could allow to bypass AMD’s Secure Encrypted Virtualization (SEV) technology and also Microsoft Windows Credential Guard.

AMD flaws

This week AMD published a press release trying to downplay the severity of the flaws.

“It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.” reads the press release published by AMD. “Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.” 

Differently from what has happened for Meltdown and Spectre attacks, AMD sustains that the patches it is going to release are not expected to impact system performance.

CTS Labs are skeptical about a rapid fix of the issues, they claimed that AMD could take several months to release patches for most of the flaws, even some of them could not be fixed.

[adrotate banner=”9″] [adrotate banner=”12″]  

Pierluigi Paganini

(Security Affairs – chip, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]