UPDATED 16:25 EDT / JANUARY 12 2018

INFRA

AMD issues Spectre security patch despite initially claiming ‘near zero risk’

Advanced Micro Devices Inc. released a firmware update Thursday for its processors to guard against the Spectre CPU exploit, confirming that its processors are at least somewhat vulnerable to the same flaws discovered in Intel Corp.’s processors.

AMD Senior Vice President and Chief Technology Officer Mark Papermaster said the new update addresses the flaw that Google Project Zero, which originally discovered the vulnerability, calls Variant 1 or Bounds Check Bypass. This vulnerability potentially allows attackers to view private data that passes through a user’s processor.

“We believe this threat can be contained with an operating system patch and we have been working with OS providers to address this issue,” Papermaster said in a statement. “Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week.”

Papermaster added that beginning this week, AMD will also provide optional microcode updates for Ryzen and EPYC processors to guard against GPZ Variant 2. AMD originally claimed last week that its chips have “a near zero risk” of being exploited by GPZ Variant 2, but Papermaster said the optional updates are intended to “further mitigate the threat.” He also said that because of architecture differences in AMD’s chips, no mitigation is required for GPZ Variant 3, which is better known as Meltdown.

AMD’s share value dropped immediately following its announcement today, but it has since recovered, possibly because the company’s chips appear to be less susceptible to Spectre and Meltdown than Intel’s processors. Intel’s own shares took a major downturn over the last two weeks since the scope of its vulnerabilities have come to light.

More importantly, Intel’s attempts to address the exploits have taken a serious toll on the performance of its chips, with some taking as much as a 35 percent performance hit from the updates.

Intel’s problems were only compounded when it reports surfaced claiming that Intel Chief Executive Brian Krzanich had sold of $24 million worth of stock and options in the company, allegedly right after he learned of the Spectre issues. However, Krzanich downplayed the security concerns for Intel’s chips at last week’s Consumer Electronics Show, saying, “We have not received any information that these exploits have been used to obtain customer data.”

Photo: S.Lacin Ryzen 1700 III via photopin (license)

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU