The IT Nerd

AMD has finally commented on the security flaws in its Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile chips, identified in a frankly dodgy manner by CTS Labs a week ago. In a post on the AMD website on Tuesday, Mark Papermaster, senior VP and CTO of AMD, had this to say. Oh as an aside, if the name sound familiar to frequent readers of this blog, this is why:

It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues

At least we know these flaws are real now. But in AMD’s opinion you would have to be highly skilled to exploit these flaws. In short, there’s nothing to see here. But they’re still going to fixed via firmware updates that are coming real soon now. No timeframe on those fixes just yet. But it appears to be a measured response. Far more measured than how these bugs were disclosed by CTS Labs, who wasn’t mentioned once in the post. That tells you all you need to know about what AMD thinks of CTS Labs.

This entry was posted on March 21, 2018 at 7:26 am and is filed under Commentary with tags AMD. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.