Tuesday, March 20th 2018
Initial AMD Technical Assessment of CTS Labs Research
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users' data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.
The security issues identified by the third-party researchers are not related to the AMD "Zen" CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors. As described in more detail above, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.
Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues. A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.
The security issues identified can be grouped into three major categories. The table above describes the categories, the AMD assessment of impact, and planned actions.
AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks.
98 Comments on Initial AMD Technical Assessment of CTS Labs Research
AMD did however give these proper context and timeline for fixes, both of which differ almost diametrically from CTS-Labs' assessment. Which (CTS-Labs' threat assessment), can we agree on this at least, was OTT.
Most would even say they (CTS-Labs) were spreading FUD as wording and timelines of informing AMD were hostile and not following industry agreed timelines.
Again, CTS-Labs were saying that
Is my organization currently at risk?
If you have an AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC machine on your network, and that machine is compromised, your network is at risk.
How long before a fix is available?
We don't know. CTS has been in touch with industry experts to try and answer this question. According to experts, firmware vulnerabilities such as MASTERKEY, RYZENFALL and FALLOUT take several months to fix. Hardware vulnerabilities such as CHIMERA cannot be fixed and require a workaround. Producing a workaround may be difficult and cause undesired side-effects.
This is FUD.
You are welcome to keep going back to CTS' horrific presentation, but, that doesn't really change anything. How many times do I (anyone) need to say CTS fucked up? I acknowledged AMD corrected things before... are you trying to prod and argue??? Let it go man... shit is real and not a big deal, CTS is a joke, we get it!
It actually isn't, in nearly all cases. A lot of basic errors in IT security have to be made for the threat to be real.
I've been in IT for nearly 20 years. From Mainframe Operations to Data Center Management. I've watched bad teams make basic errors, I have seen great teams make basic errors. We are human and we make mistakes. Lots of them.
AMD has some holes to patch, period.
I digress. I'm getting dizzy watching you people defend them.
You would think it IS the issue considering how many times by how many people mentioned it and believed this wasn't true at all. I've been through the threads and the list of people denying it is longer than one might expect. ;)
EDIT: Bwaaaaaaaaaaaaaaaahahha, I just realized a Freudian slip... wants to say "you are blue in the face" but typed out your name??????????? A few weeks, and yes. :)
You don't name something "RYZENFALL" by mistake. Let's not kid ourselves, you can't seriously imply those things were an "error".
Same thing with those who feel Intel is behind this... I can see why people think that, but, again, until we see proof, I will withhold judgement.
What are you trying to pin on me bud? I'm with you! CTS' delivery was a joke!!!! They are terrible!! That doesn't mean these vulnerabilities were not true though!! That is all I am trying to say. Simple.
Can people F up and it be intentional??? Come on guys... they F'd up, period. But we simply do not know, FOR A FACT, the intentions. Writing is on the wall, I can see it, but I (we all) don't have the facts... just correlation. Time will tell if this was malicious by them or not. I am not holding judgement until we know more. You can make the leap, boys, have at it! :)
EDIT: Some of those 'industry leaders' also said they didn't think the vulnerabilities weren't true in the first place... so, there is that as well.
So far I am batting 1.000 though.. it's real, regardless of how shady it looks/will prove/not prove to be, and so many here couldn't even fathom that concept these were real regardless of the severity - this was a caveat in all my posts since it happened 3/14. ;)
But please, please continue to attack my position... should I ask if I am allowed to have one? Is now the right time? Sure feels like I am getting beat up over mine when I simply said I didn't agree with someone else's... ....that goose, that gander.
...actually, there is a chance I missed something. You mind me pming you as this is OT? I have a Titan XP Star Wars I'd very much like to modify, and yes I have the hardware...
You can't have the cake and eat it as well. But you are doing your best to do so, I can give you that. :)
They F'd up in their DELIVERY. There isn't really a question there. Not giving them the normal 90 days for example...poor delivery!
What is a question is the shady tactics or not behind the poor delivery. Hence why I am giving them the benefit of the doubt on that front. You two clearly disagree with that assertion and have your reasons. That is ok! Time will tell gents, time will tell. Now, can we stop making this about 'us'? There was ZERO reason to pin me on a wall here boys...
EDIT: It is entirely possible I am simply wrong in giving them the benefit of the doubt... that is also OK to be wrong!!! Something many members of this forum have a huge problem with (admitting it). If I see another post by a certain user that denies Intel CPUs throttle, I'm going to vomit... too much of that here... waaaaaaaaaaaaay too much.