Tech News
AMD confirms microcode vulnerability revealed in beta BIOS update
What’s the Latest with AMD’s Processors? AMD recently confirmed a security vulnerability in some of its processors that was accidentally exposed through a beta BIOS update from Asus. The flaw, referred to as a “microcode signature verification vulnerability,” became public knowledge before AMD could officially address it, causing concern within the cybersecurity community.
The vulnerability was initially discovered by Tavis Ormandy, a security researcher at Google’s Project Zero. Ormandy noticed a mention of the flaw in the release notes of an Asus beta BIOS update for a gaming motherboard. In a public mailing list post, Ormandy expressed, “It seems like an OEM leaked the patch for a significant upcoming CPU vulnerability.”
AMD has since acknowledged the issue and is working on developing and implementing mitigations. While the specific products affected have not been disclosed by the company, it appears that the vulnerability is related to the microcode and bypasses the typical process that ensures only authorized, AMD-signed microcode can be loaded into the processor. According to AMD, exploiting this vulnerability requires local administrator access to the targeted system and the ability to create and execute malicious microcode. Despite the seriousness of the vulnerability, its complex exploitation suggests that it is not easily weaponized by casual attackers.
While the full impact of the vulnerability remains uncertain, security experts are already considering the potential implications. Demi Marie Obenour, a software developer at Invisible Things, raised concerns that if a malicious actor could load arbitrary microcode, critical security features like System Management Mode (SMM), Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), and Dynamic Root of Trust for Measurement (DRTM) could be compromised.
This recent discovery of a microcode signature verification vulnerability is not an isolated incident for AMD. The company has encountered various security challenges across its product lines over the years.
In March 2018, researchers from CTS Labs identified a series of vulnerabilities affecting AMD’s Ryzen and Epyc processors, collectively known as RYZENFALL, MASTERKEY, CHIMERA, and FALLOUT. These vulnerabilities posed security risks to both consumer and enterprise-grade processors, requiring administrative access for exploitation.
In August 2024, a widespread vulnerability named “Sinkclose” was disclosed, affecting the System Management Mode and potentially exposing numerous devices to security threats. Exploiting this vulnerability necessitated kernel-level access, making it a significant concern for severely compromised systems, as stated by AMD at the time.
-
Destination4 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News8 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation8 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Breaking News5 months ago
Croatia to reintroduce compulsory military draft as regional tensions soar
-
Guides & Tips6 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Guides & Tips6 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Tech News6 months ago
Soccer team’s drone at center of Paris Olympics spying scandal
-
Gaming5 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more