Cybersecurity researchers have discovered an AMD chipset driver vulnerability that can be exploited to dump system memory and steal sensitive information.
The security researchers first discovered the flaw with Ryzen 2000- and 3000-series platforms, while AMD initially only listed Ryzen 1000 and older processors in its advisory.
Tom’s Hardware raised the discrepancy, noted by the researchers in their report as well, and AMD has since updated its advisory to suggest that the issue affects its entire modern consumer processor lineup as well as several older models.
We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.
- Protect your devices with these best antivirus software
- Here’s our choice of the best malware removal software on the market
- These are the best ransomware protection tools
The good news is that AMD has patched the vulnerability, and the updates were shipped through Microsoft’s September Patch Tuesday bundle.
Tracked as CVE-2021-26333 the vulnerability resides in the driver for AMD Platform Security Processor (PSP), which helps enable the operating system to process sensitive information inside cryptographically-secured portions of memory.
According to The Record, Windows relies on the amdsps.sys driver to make use of the PSP feature. The researchers were able to compromise this driver to download several gigabytes of sensitive data as a non-admin user.
Additionally, parsing through the detailed report, Tom’s Hardware notes that the researchers argue that the data obtained from exploiting the vulnerability could help attackers circumvent mitigations for exploits such as Spectre and Meltdown.
Interestingly, AMD had reportedly already issued the patch several weeks ago, without sharing details about the issue until now.
- These are the best endpoint protection tools
Via Tom’s Hardware
Source from www.techradar.com