Recently, a white paper published by CTS-Labs, an Israeli security company, stated that there are 13 security holes in chips sold by computer chip maker AMD, involving AMD Ryzen desktop processor, Ryzen Pro enterprise processor, Ryzen mobile processor and EPYC. Data center processor.
Israeli security company exposes 13 security holes in AMD chips
CTS Labs security researchers said on the same day that they found security flaws in AMD-made chips, allowing hackers to easily control computers and networks. CTS listed 13 flaws in detail and stated that these defects' may expose organizations to cyber attacks. The risk has greatly increased.
The above-mentioned white paper states that the vulnerability of AMD chips will allow malicious code to run on AMD security processors, allowing attackers to steal confidential certificates, and also allow the spread of malicious software through a network of Windows machines.
Among them, EPYC server vulnerabilities allow attackers to read and write protected memory areas, which may be used to steal certificates protected by Windows Credential Guard protection. AMD Ryzen processor exploits enterprise software The hardware and the back door allowed the attacker to inject malicious code into the processor. CTS said that the white paper was only an overview of the vulnerability to prevent hackers from stealing and exploiting AMD prior to attack.
In response, AMD issued a response statement on its official blog, saying that the company is actively investigating and analyzing. At the same time, CTS Company did not provide AMD with appropriate time before the public research discovery, so that the company could investigate and confirm the findings.