Saturday, 17 November, 2018

AMD 'investigating' critical vulnerabilities in its latest Ryzen and EPYC CPUs

10788 ryzen power campaign imagery AMD 'investigating' critical vulnerabilities in its latest Ryzen and EPYC CPUs
Emmett Howard | 14 March, 2018, 22:40

Let us know in the comments.

There are 4 vulnerabilities that affect the before-mentioned AMD processors, namely, the Ryzenfall, Masterkey, Fallout, and Chimera. Masterkey on the other hand, requires that "an attacker be able to re-flash the BIOS with a specially crafted BIOS update".

"Given the recent history with Intel and the Meltdown security vulnerability, and the responsible way in which it was released and handled by security professionals and the afflicted companies, this new release, combined with a history of questionable financial dealings, the AMD-specific flaws here seem off base".

But security researchers have hit out at the white paper published by CTS-Labs for lacking any technical details describing the vulnerabilities. With this vulnerability, researchers said, attackers could cause physical damage to hardware or "brick" devices, or make them inoperable.

This model has a huge problem; how can you convince the public you are telling the truth without the technical details. "The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system, while remaining virtually undetectable by most endpoint security solutions", the advisory said. A sentence towards the end of the paper reads: "In our opinion, the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD".

Under the Ryzenfall category, CTS Labs claimed that malicious code could be used to take over the AMD Secure Processor; privileges of this processor could be used to write into protected memory areas; Windows Credential Guard could be bypassed and network credentials stolen; and Ryzenfall could be used along with Masterkey to install persistent malware on the Secure processor. It is important to note that this was only done after first sending an outline of the vulnerabilities out to press outlets.

TechPowerUp reportedly contacted CTS Labs directly.

Do keep in mind that CTS Labs' findings could well be accurate and real.

Winter weather advisories across the region no longer in effect
Potentially impacted areas include Wise, Russell and Washington counties in Virginia along with Johnson County in Tennessee. With spring just a week away, this should be our last brush with accumulating snow for winter.

Late night hosts skewer Trump over Rex Tillerson firing
Kono told reporters Wednesday that he "regretted" that Tillerson was sacked as the two had established a trusting relationship. Either way, Trump's freewheeling style is set to sidetrack the Senate. "Did he fire him or have him put to sleep?" he asked.

Trump says "very good chance" for Kudlow to be next economic adviser
Kudlow would also be a controversial choice as he is a recovering alcoholic who once had a $100,000 per month cocaine habit. Cohn quit the White House last week after Trump refused to heed his advice against imposing a steel tariff.

It continues: "The Fallout vulnerabilities allows access to protected memory regions that are otherwise sealed off by hardware".

CTD-Labs's legal disclaimer also states that it may have a financial interest in stock movements of companies that it provides security reports on. AMD's own statement acknowledging the matter shows unfamiliarity with the company.

CTD-Labs didn't respond to questions by CSO Australia by the time of publishing. From archived information, it appears that the CTS Labs domain was registered in June past year. Though we were told AMD, Trail of Bits, and others were given proofs of concept and instructions for how to exploit the vulnerabilities, that information was not released to the general public.

Viceroy Research's PDF is filled with outlandish claims like the one above, and primarily uses scare tactics, seemingly in an effort to spook investors. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed, the research group adds. However, it is also worth noting that CTS Labs' CFO is also the founder and Managing Director of NineWells Capital, a hedge fund that invests in public equities.

Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS' findings on Monday afternoon.

AMD's stock has somewhat dropped in light of the claims, although that downward slide has eased and was on the way back up at the time of writing.

Unlike the Spectre and Meltdown vulnerabilities, which were disclosed to the impacted companies in advance of the information's public release, these new flaws were not made available to AMD prior to the report's publication. The last set of flaws, named Chimera, include what CTS Labs claims to be backdoors that could enable malicious code injection into the AMD Ryzen chipset.

Recommended

Margot Robbie Offered Role Of Sharon Tate In New Quentin Tarantino Film Margot Robbie Offered Role Of Sharon Tate In New Quentin Tarantino Film At the time of her murder, Sharon was married to controversial filmmaker Roman Polanski. She'll also be reuniting with her Wolf of Wall Street movie-husband Leonardo DiCaprio .

This epic eye-roll from a Chinese reporter is breaking the internet This epic eye-roll from a Chinese reporter is breaking the internet The eye-roll was filmed by state-run broadcaster CCTV and was even filmed on mobile phones by mainland netizens and shared online. On Tuesday morning Beijing had announced a major government overhaul that was overshadowed by Liang's hammy performance.

Turkey besieges Afrin, ready to enter the Syrian city 'at any moment' Turkey besieges Afrin, ready to enter the Syrian city 'at any moment' Around 350,000 people live in the city, including families displaced from other parts of the enclave. "I hope that Afrin will, God willing, have completely fallen by the evening".

Prudential FY17 Profit Up, Hikes Dividend; To Demerge M&G Prudential; Stock Up Prudential FY17 Profit Up, Hikes Dividend; To Demerge M&G Prudential; Stock Up The separation of the United Kingdom and European unit will enable each business to hone in on specific strategic objectives. This news also follows the decision to sell off £12 billion of its United Kingdom annuities book to Rothesay Life.

Yellow weather warning issued for rain tonight Yellow weather warning issued for rain tonight The Met Office has today (Wednesday) officially put a weather warning for snow in place for Sunday across the region. Maxey said temperatures in London, which reached double digits on Tuesday, would fall as low as 5C by Sunday.

Shadow of the Tomb Raider Releasing This September, More Tomorrow Shadow of the Tomb Raider Releasing This September, More Tomorrow It is Lara's character, however, that elevates the film and makes Tomb Raider stand out among other game-to-film adaptations . Her father goes missing and she is prompted to find him by way of a mysterious object, and she is off to her first adventure.

Sessions May Fire McCabe Days Before He's Set to Retire Sessions May Fire McCabe Days Before He's Set to Retire TA source told AP that McCabe is suspected of misleading internal investigators about a media leak, an allegation he denies. Strzok was removed from the Mueller team in July, though the reason for his ouster was not reported until December.

Venus knocks out Serena, Wozniacki marches on Venus knocks out Serena, Wozniacki marches on Serena Williams' first official tournament since becoming a mom in September was cut short by older sister Venus in Indian Wells . She emphatically closed out the 36-minute set with back-to-back aces that clocked 108 miles per hour and 120 miles per hour .

Claire Foy was paid less than male co-star on "The Crown" Claire Foy was paid less than male co-star on However, even if the pay gap is remedied in future seasons, it won't benefit Foy, whose work on the series is over. But still, it's a move in the right direction: 'Going forward, no-one gets paid more than the Queen'.

Storm Blasts Winter-Weary Northeast; Thousands Lose Power Storm Blasts Winter-Weary Northeast; Thousands Lose Power The flight-tracking site FlightAware reported more than 1,300 cancelled flights within, into or out of the US on Tuesday. Malloy is urging people to "take it slow and remember their winter weather driving skills".

Miley Cyrus sued for $300M by Jamaican artist over 'We Can't Stop' Miley Cyrus sued for $300M by Jamaican artist over 'We Can't Stop' And now we've got a veteran reggae artist suing Miley Cyrus because of the phrase " we run things , things don't run we". Even so, the singer is reportedly looking for the judge to rule in his favor based on the phraseology alone.

Pearl Chef Is San Antonio's Only James Beard Award Nominee for 2018 Pearl Chef Is San Antonio's Only James Beard Award Nominee for 2018 Gerard Craft of Niche won "Best Chef: Midwest" in 2015 , and Kevin Nashan of Sidney Street Cafe took the same award past year . The list announced Wednesday includes those whittled down from a list of semifinalists announced in February .

Microsoft Shakes Up Its E3 2018 Presence Significantly Microsoft Shakes Up Its E3 2018 Presence Significantly Nothing has been confirmed about what will be revealed at E3 but past year Microsoft revealed the Xbox One X and games for it. They will be doing things in a similar fashion this year but with more inclusion with the fans at the Microsoft Theater.

Tomorrow is National Pi Day! And there are freebies, discounts to celebrate Tomorrow is National Pi Day! And there are freebies, discounts to celebrate Locations not participating in Pi Day are Disney Springs, Houston Airport, UCLA, Staples Center, and George Mason University. The company, which is backed by investor LeBron James, among others, baked about 250,000 pizzas on Pi Day previous year .

Drabu's sacking PDP's Internal Matter But Decision Right: Farooq Drabu's sacking PDP's Internal Matter But Decision Right: Farooq I was not accorded the opportunity to explain the context and the content of my speech", he said in a statement. Drabu said the news of his sacking came as a surprise to him because he was made aware of it via social media.