AMD has released details of a chipset vulnerability that could read and save certain types of memory pages in Windows. As a result, an attacker was able to steal passwords or carry out other types of attacks, including bypassing standard defenses.
In agreement with the manufacturer, the information was made public by Kyriakos Economou, a security technology researcher and co-founder of ZeroPeril. As part of checking the vulnerability, he was able to download several gigabytes of confidential data from an AMD-based machine – while he did not have administrator rights. At the moment, the manufacturer has released updates to close this vulnerability. They are available in new versions of firmware on the AMD website, as well as in Windows Update. The company previously reported the vulnerability, but did not provide details – they became known only now.
Kyriakos Economou discovered that the Ryzen 2000 and 3000 series chips were vulnerable, although initially AMD indicated only Ryzen 1000 processors. At the moment, the manufacturer has updated the list of processors – now it includes almost all modern models. The problem was in the Platform Security Processor (PSP) driver. Using the vulnerability, an attacker gained access to gigabytes of uninitialized memory pages. This made it possible to perform various actions on the victim’s computer, including stealing the user’s personal data with administrator rights, as well as PtH attacks (pass-the-hash).
To get rid of this vulnerability, AMD recommends updating the AMD PSP driver to version 18.104.22.168 via Windows Update, or installing AMD Chipset Driver version 3.08.17.735 or higher.
AMD processors have earned a reputation for being more secure than Intel chips, as fewer vulnerabilities were found for the former. But since AMD is a player with a smaller share of the x86-chip market, it is believed that the company’s products have not been subjected to so many attacks. Once a manufacturer has gained market share and continues to grow, researchers and attackers will be more likely to turn to its products.