Security Advisory: Major Flaws Found Within AMD Processors

Israel-based CTS-Labs states that 13 flaws have been found within AMD’s Ryzen, Ryzen Pro, Ryzen Mobile, and EPYC processors, affecting millions of devices. Unlike the recent Intel Spectre and Meltdown vulnerabilities, which are speculative-execution side channels in the CPU core, these are firmware and chipset flaws: a threat actor who already has administrative access can use them to install persistent malware inside the AMD Secure Processor or chipset, read sensitive data, and compromise the entire system.

The vulnerabilities are inside AMD’s Secure Processor and chipset architecture, the area where passwords and encryption keys are meant to be protected. According to CTS-Labs, an attacker could use the unpatched vulnerabilities to defeat AMD’s Secure Encrypted Virtualization (SEV) technology and to bypass Microsoft Windows Credential Guard; the MASTERKEY, RYZENFALL and FALLOUT vulnerabilities are the ones claimed to bypass Credential Guard. In addition, CTS-Labs states that a hacker could use the vulnerabilities to:

  • Steal credentials on a high-security enterprise network
  • Evade detection from virtually any endpoint protection solution
  • Cause damage to hardware with full control of a system

Vulnerabilities Breakdown

Here’s a quick breakdown on each of the vulnerabilities affecting AMD Processors:

MASTERKEY

  • Threat actor can re-flash the computer’s BIOS and then install malware on the AMD Secure Processor
  • Threat actor can control what programs are allowed to run during startup
  • Threat actor can disable security features enforced by the Secure Processor
  • Threat actor can use the vulnerability to deploy ransomware

RYZENFALL

  • Threat actor can inject malicious code and completely take over the AMD Secure Processor
  • Threat actor can use the Secure Processor to read and write protected memory areas, including SMRAM and the isolated memory used by Windows Credential Guard
  • Threat actor can use this vulnerability to steal credentials and compromise other systems
  • Threat actor could conduct espionage on a system by installing malware on the Secure Processor

FALLOUT

  • Threat actor can obtain access to protected sensitive data and credentials
  • Threat actor can break the isolation between virtual machines that share the computer’s memory

CHIMERA

  • Threat actor can install a keylogger to see everything that is typed on a machine
  • Threat actor can install malware directly onto the chipset

RYZENFALL, FALLOUT, and CHIMERA do not require physical access to exploit. MASTERKEY requires BIOS re-flashing, but that is often possible with nothing more than local admin on the machine and running an EXE. CTS-Labs states this works on motherboards made by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.

A wide array of devices running this AMD architecture will be affected, including laptops, workstations, and servers. The following AMD product lines are affected by the vulnerabilities:

[Figure: AMD Processor Flaws, affected Ryzen and EPYC product lines]

Source: https://amdflaws.com/

What Should You Do?

CTS-Labs provided AMD the details related to the vulnerability discovery. AMD is actively working on patches, which are expected to ship as Secure Processor firmware updates delivered through BIOS updates from motherboard and system vendors over the coming months; security vendors have also been given full details and are developing mitigations. Every one of these vulnerabilities requires local administrative privileges on the target machine to exploit. Until firmware updates are available, reduce exposure by enforcing least privilege: inventory which endpoints, workstations, and servers run the affected Ryzen and EPYC families, remove standing local admin rights from users who do not need them, and monitor for unexpected BIOS re-flashing activity.
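The inventory step above can be scripted. The following PowerShell is an added example written for this post, not code from CTS-Labs, AMD or CIPHER. It reports, for one Windows host, whether the CPU is in an affected family (the `Ryzen|EPYC` name match is our own assumption, not an official affected-list check), the current BIOS vendor/version/date so you can tell later whether a firmware update has landed, whether Credential Guard is actually running, and who holds local Administrators membership (the exploitation prerequisite). Run it from an elevated prompt on Windows 10 / Server 2016 or later; the `net localgroup` fallback is for older hosts without `Get-LocalGroupMember`.

```powershell
# Added example (not from the original post, CTS-Labs or AMD): per-host exposure
# inventory for the AMD Secure Processor / chipset advisory. Run as Administrator.

function Get-AmdFlawExposure {
    [CmdletBinding()]
    param()

    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $bios = Get-CimInstance -ClassName Win32_BIOS

    # Affected families named in the advisory. The name pattern is our assumption,
    # not an official AMD/CTS-Labs list; extend it if your fleet uses other SKUs.
    $isAmd      = $cpu.Manufacturer -eq 'AuthenticAMD'
    $isAffected = $isAmd -and ($cpu.Name -match 'Ryzen|EPYC')

    # Local Administrators membership: every member already meets the
    # "local admin" prerequisite that all four vulnerability classes require.
    $admins = @()
    try {
        $admins = Get-LocalGroupMember -Group 'Administrators' -ErrorAction Stop |
                  Select-Object -ExpandProperty Name
    } catch {
        # Fallback for hosts without the LocalAccounts module: parse 'net localgroup'
        # and drop its header, separator and trailer lines.
        $admins = (net localgroup Administrators) |
                  Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command)' }
    }

    # Credential Guard state from the DeviceGuard WMI class.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    $credGuard = $false
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) { $credGuard = [bool]($dg.SecurityServicesRunning -contains 1) }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        Processor              = $cpu.Name
        AffectedAmdFamily      = $isAffected
        BiosVendor             = $bios.Manufacturer
        BiosVersion            = $bios.SMBIOSBIOSVersion
        BiosReleaseDate        = $bios.ReleaseDate
        CredentialGuardRunning = $credGuard
        LocalAdminCount        = @($admins).Count
        LocalAdmins            = (@($admins) -join '; ')
    }
}

# Usage: run locally, or push through Invoke-Command to a list of hosts and
# export the objects to CSV to track BIOS versions as vendor updates arrive.
Get-AmdFlawExposure | Format-List
```

Record the `BiosVersion` and `BiosReleaseDate` values now; when your motherboard or OEM vendor publishes a BIOS carrying AMD's Secure Processor firmware fix, re-running the script shows which hosts have actually picked it up. A host that reports `AffectedAmdFamily = True` with a long `LocalAdmins` list is where the least-privilege clean-up should start.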


About CIPHER

Founded in 2000, CIPHER is a global cybersecurity company that delivers highly accredited SOC I and SOC II Type 2 certified Managed Security Services and Security Consulting Services with expertise across ISO 20000 and ISO 27001, and PCI DSS holding the QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past five years. These services are supported by the best-in-class security intelligence lab: CIPHER Intelligence. Our offices are located in North America, Europe, and Latin America with 24×7×365 Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe. 

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions. 
