UPDATED 22:10 EDT / MARCH 21 2018

INFRA

AMD confirms chip vulnerabilities and promises a fix is on its way

Advanced Micro Devices Inc. today confirmed vulnerabilities first disclosed by Israeli security firm CTS Labs last week and has promised that a fix is on its way.

The vulnerabilities, found in AMD’s Epyc secure processor and the Ryzen chipset, could allow attackers to take control of systems running on these chipsets, access secure data and even install malware.

While confirming that the vulnerabilities are real, AMD said that the risk they present is overstated, that there’s no evidence that of any of the potential exploits has been used for malevolent purposes, and that it would be extremely difficult to use any of them to attack computers.

Richard Henderson, global security strategist at Absolute Software Corp., told SiliconANGLE that the research and vulnerabilities shouldn’t be a huge surprise because it’s common for researchers to focus their attention on similar products when a major issue is found.

“In this case, the wide-scale attention that processors and hardware have received as a result of the Spectre and Meltdown vulnerabilities meant that it was probable that something else would be found in other products,” Henderson said. “The odds are good that a particularly skilled cybercriminal or state-sponsored group will leverage these types of vulnerabilities to develop new exploits.”

Henderson cautioned that the first step for enterprises, as with the Spectre and Meltdown flaws, is not to panic. “While these new vulnerabilities do appear to have well-developed proof-of-concept code, there’s nothing in the wild yet taking advantage of them,” he said. “It’s likely we’ll see patches hitting devices sooner rather than later.”

It’s time for enterprises to take full stock of all of their devices to determine how exposed those devices are to these new issues, he added. “Once you have an understanding as to how many devices you have that are vulnerable, you will be in a strong position to either implement additional controls for those endpoints or temporarily swap them out for other unaffected devices until patches can be developed and deployed.”

Image: CTS-Labs

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU

Cookies

We employ the use of cookies. Find out more.