AMD Comments On Chip Flaws: Nothing To See Here

AMD has finally commented on the security flaws in its Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile chips, identified in a frankly dodgy manner by CTS Labs a week ago. In a post on the AMD website on Tuesday, Mark Papermaster, senior VP and CTO of AMD, had this to say. Oh as an aside, if the name sound familiar to frequent readers of this blog, this is why:

It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues

At least we know these flaws are real now. But in AMD’s opinion you would have to be highly skilled to exploit these flaws. In short, there’s nothing to see here. But they’re still going to fixed via firmware updates that are coming real soon now. No timeframe on those fixes just yet. But it appears to be a measured response. Far more measured than how these bugs were disclosed by CTS Labs, who wasn’t mentioned once in the post. That tells you all you need to know about what AMD thinks of CTS Labs.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: