From PC World: AMD has acknowledged the Ryzenfall vulnerabilities discovered by CTS-Labs, though the chip company believes the flaws can be patched via BIOS updates issued over the next few weeks.
In a blog post authored by AMD’s chief technical officer, Mark Papermaster, AMD confirmed that the four broad classifications of attacks—Masterkey, Ryzenfall, Fallout, and Chimera—are viable, though they require administrative access to the PC or server in question. Third-party protection, such as Microsoft Windows Credential Guard, also serve to block unauthorized administrative access, Papermaster wrote.
In any event, “any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research,” AMD’s Papermaster added.
But AMD also provided the answer to consumers’ most pressing question: What, if anything, needs to be done? For each of the first three classifications of vulnerabilities, AMD said it is working on firmware updates that the company plans to release during the coming weeks. That firmware will be distributed via a BIOS update that the company already planned to release. “No performance impact is expected,” AMD added.
The fourth category of vulnerability, known as Chimera, affected the Promontory chipset, which CTS-Labs said was designed with logic supplied by ASMedia, a third-party vendor. While AMD said patches for that will also be released via a BIOS update, the company said it is working with the Promontory chipset maker on developing the mitigations, rather than supplying its own.
View: Article @ Source Site
