AMD confirms chip vulnerabilities and promises a fix is on its way
Advanced Micro Devices Inc. today confirmed vulnerabilities first disclosed by Israeli security firm CTS Labs last week and has promised that a fix is on its way.
The vulnerabilities, found in AMD’s Epyc secure processor and the Ryzen chipset, could allow attackers to take control of systems running on these chipsets, access secure data and even install malware.
While confirming that the vulnerabilities are real, AMD said that the risk they present is overstated, that there’s no evidence that any of the potential exploits has been used for malevolent purposes, and that it would be extremely difficult to use any of them to attack computers.
Richard Henderson, global security strategist at Absolute Software Corp., told SiliconANGLE that the research and vulnerabilities shouldn’t be a huge surprise because it’s common for researchers to focus their attention on similar products when a major issue is found.
“In this case, the wide-scale attention that processors and hardware have received as a result of the Spectre and Meltdown vulnerabilities meant that it was probable that something else would be found in other products,” Henderson said. “The odds are good that a particularly skilled cybercriminal or state-sponsored group will leverage these types of vulnerabilities to develop new exploits.”
Henderson cautioned that the first step for enterprises, as with the Spectre and Meltdown flaws, is not to panic. “While these new vulnerabilities do appear to have well-developed proof-of-concept code, there’s nothing in the wild yet taking advantage of them,” he said. “It’s likely we’ll see patches hitting devices sooner rather than later.”
It’s time for enterprises to take full stock of all of their devices to determine how exposed those devices are to these new issues, he added. “Once you have an understanding as to how many devices you have that are vulnerable, you will be in a strong position to either implement additional controls for those endpoints or temporarily swap them out for other unaffected devices until patches can be developed and deployed.”