AMD fixes bug that lets hackers load malicious microcode patches – BleepingComputer
Crypto-stealing apps found in Apple App Store for the first time7-Zip MotW bypass exploited in zero-day attacks against UkraineCISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacksAMD fixes bug that lets hackers load malicious microcode patchesMicrosoft says attackers use exposed ASP.NET keys to deploy malwareGet Visual Studio Pro at a discount in this dealKimsuky hackers use new custom RDP Wrapper for remote accessCritical RCE bug in Microsoft Outlook now exploited in attacksHow to access the Dark Web using the Tor BrowserHow to enable Kernel-mode Hardware-enforced Stack Protection in Windows 11How to use the Windows Registry EditorHow to backup and restore the Windows RegistryHow to start Windows in Safe ModeHow to remove a Trojan, Virus, Worm, or other MalwareHow to show hidden files in Windows 7How to see hidden files in WindowsRemove the Theonlinesearch.com Search RedirectRemove the Smartwebfinder.com Search RedirectHow to remove the PBlock+ adware browser extensionRemove the Toksearches.xyz Search RedirectRemove Security Tool and SecurityTool (Uninstall Guide)How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundoHow to remove Antivirus 2009 (Uninstall Instructions)How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKillerLocky Ransomware Information, Help Guide, and FAQCryptoLocker Ransomware Information Guide and FAQCryptorBit and HowDecrypt Information Guide and FAQCryptoDefense and How_Decrypt Ransomware Information Guide and FAQQualys BrowserCheckSTOPDecrypterAuroraDecrypterFilesLockerDecrypterAdwCleanerComboFixRKillJunkware Removal TooleLearningIT Certification CoursesGear + GadgetsSecurityBest VPNsHow to change IP addressAccess the dark web safelyBest VPN for YouTubeAMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices.The security flaw (CVE-2024-56161) is caused by an improper signature verification weakness in AMD’s CPU ROM microcode patch loader.Attackers with local administrator privileges can exploit this weakness, resulting in the loss of confidentiality and integrity of a confidential guest running under AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP).According to AMD’s development resources, SEV isolates guests and the hypervisor from one another, and SEV-SNP adds memory integrity protection that creates an isolated execution environment by helping prevent malicious hypervisor-based attacks (e.g., data replay, memory re-mapping, and more).AMD now provides mitigation requiring a microcode update on all affected platforms to block malicious microcode execution.Some platforms also require a SEV firmware update for SEV-SNP attestation, with users having to update the system BIOS and reboot to enable attestation of the mitigation.To confirm that the mitigation has been correctly installed, check whether the microcode version(s) matches the one(s) listed in the table below.”We have demonstrated the ability to craft arbitrary malicious microcode patches on Zen 1 through Zen 4 CPUs. The vulnerability is that the CPU uses an insecure hash function in the signature validation for microcode updates,” the Google Security Team said.”This vulnerability could be used by an adversary to compromise confidential computing workloads protected by the newest version of AMD Secure Encrypted Virtualization, SEV-SNP or to compromise Dynamic Root of Trust Measurement.”Google security researchers, credited with finding and reporting this flaw to AMD, have also shared a proof-of-concept (PoC) exploit (tested on AMD EPYC and AMD Ryzen 9 CPUs) that shows how attackers can create arbitrary microcode patches.Their PoC exploit makes the RDRAND instruction on vulnerable AMD Zen processors always return 4, which also sets the carry flag (CF) to 0. This indicates that the return value is invalid and ensures the exploit can’t be used “to compromise correctly functioning confidential computing workloads.”This week, AMD has also received a report from Li-Chung Chiang at NTU (National Taiwan University) detailing cache-based side-channel attacks against Secure Encrypted Virtualization (SEV) that impact data center (1st Gen to 4th Gen AMD EPYC) and embedded (AMD EPYC 3000/7002/7003/9004) processors.AMD advised developers to follow best practices for prime and probe attacks (e.g., constant-time algorithms), avoid secret-dependent data whenever possible, and follow the guidance regarding Spectre-type attacks.Hackers exploit SimpleHelp RMM flaws to deploy Sliver malwareCISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacksZyxel won’t patch newly exploited flaws in end-of-life routersNetgear warns users to patch critical WiFi router vulnerabilities7-Zip MotW bypass exploited in zero-day attacks against UkraineNot a member yet? Register NowChinese cyberspies use new SSH backdoor in network device hacks7-Zip MotW bypass exploited in zero-day attacks against UkraineCISA orders agencies to patch Linux kernel bug exploited in attacksRDP Security Simplified – No VPN, No Firewall Exposure. Get a free TruGrid business trial.Get the GOAT Guide to learn how to start validating, start defending, and start winning.Request your complimentary data risk assessment for AWSPassword health-check overdue? Audit your Active Directory for freeProtecting Against Malicious Browser Extensions: The Complete GuideTerms of Use – Privacy Policy – Ethics Statement – Affiliate DisclosureCopyright @ 2003 – 2025 Bleeping Computer® LLC – All Rights ReservedNot a member yet? Register NowRead our posting guidelinese to learn what content is prohibited.
