AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities

AMD is now developing and staging the deployment of fixes for the vulnerabilities recently discovered in the company’s processors. The news arrives by way of Senior Vice President and Chief Technology Officer Mark Papermaster, who also notes that in order to take advantage of the vulnerabilities, an attacker needs administrative access to the affected PC. At that point, they could use any attack vector to infiltrate the device beyond what was discovered in AMD’s processors. 

According to the schedule, AMD will release a firmware patch through a BIOS update for the MasterKey vulnerability on an unspecified date along with an update to the related secure processor in the “coming weeks.” AMD lists the same schedule for the Ryzenfall and Fallout vulnerabilities along with the associated secure processors. As for the Chimera issue, AMD is currently working with the Promontory chipset manufacturer to release mitigating patches through a BIOS update. 

“The security issues identified by the third-party researchers are not related to the AMD ‘Zen’ CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018,” Papermaster states. “Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.” 

Security researchers recently uncovered a stand-alone set of critical processor vulnerabilities just months after another set of researchers disclosed the Meltdown and Spectre flaws to the public. This time Intel owners could breathe easy, as these exploits were unique to AMD’s processors, including its latest Ryzen chips. 

“The Ryzen chipset, a core system component that AMD outsourced to a Taiwanese chip manufacturer, ASMedia, is currently being shipped with exploitable manufacturer backdoors inside,” reads the whitepaper put out by CTS Labs, the company that discovered the vulnerabilities. “CTS has been researching the security of AMD’s latest Zen processors for the past six months, including EPYC, Ryzen, Ryzen Pro and Ryzen Mobile, and has made concerning discoveries.”

CTS Labs released a letter clarifying some of the technical details of the exploits, in response to some criticism that has been leveled at the security firm regarding the plausibility that these exploits could even be put to use by a malicious actor.

“The vulnerabilities described in our site are second-stage vulnerabilities. What this means is that the vulnerabilities are mostly relevant for enterprise networks, organizations and cloud providers,” CTS Labs said in a statement. “The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.”

That’s the real danger here. These exploits are unlikely to be used against you personally, but they pose a significant danger to large systems that handle sensitive data which could make appealing targets for enterprising hackers.

Disclosure dust-up

The announcement itself has generated a fair amount of controversy, as security research firm CTS Labs reportedly did not give AMD the industry-standard 90-day notice before announcing the existence of these exploits to the public.

In response, AMD released a general statement which digs at CTS Lab’s unorthodox means of disclosure. “This company was previously unknown to AMD,” the statement reads, “and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”

CTS Labs released its own response to the controversy in the form of a letter penned by Chief Technical Officer Ilia Luk-Zilberman. The letter outlines how CTS Labs first discovered the vulnerabilities, as part of an investigation into chip manufacturer ASMedia’s products. The letter suggests AMD inadvertently allowed the exploits to take root in its products by contracting with ASMedia for the design of Ryzen chipset components.

The speed and ease with which CTS Labs discovered these vulnerabilities, Luk-Zilberman alleges, contributed to the company’s decision to go public with the exploits well ahead of the typical 90-day window offered to companies like AMD when a serious vulnerability is discovered.

“I honestly think it’s hard to believe we’re the only group in the world who has these vulnerabilities, considering who are the actors in the world today, and us being a small group of six researchers,” Luk-Zilberman’s letter continues.

The letter goes on to describe CTS Labs’ opposition to the “responsible disclosure” norms within the cybersecurity industry. For example, when Google’s Project Zero uncovered the Meltdown and Spectre vulnerabilities, Google offered AMD and Intel a 200-day head start to get working on a patch. CTS Labs claims this relationship is bad for customers.

“I think that the current structure of ‘Responsible Disclosure’ has a very serious problem,” Luk-Zilberman said. “The main problem in my eyes with this model is that during these 30/45/90 days, it’s up to the vendor if it wants to alert the customers that there is a problem. And as far as I’ve seen, it is extremely rare that the vendor will come out ahead of time notifying the customers.”

Ryzenfall, Fallout, MasterKey, and Chimera

Before we get into what these vulnerabilities are and how they work, let’s be clear about one thing: There are no patches for these vulnerabilities as of this writing. If you’re compromised, there is not much you can do about it at the moment. If you’re running a Ryzen processor, you’ll just have to be very careful for the next few weeks while we wait for a patch.

Ryzenfall exploit chart
Chart illustrating which products are affected by which vulnerabilities, credit CTS Labs.

“Firmware vulnerabilities such as Masterkey, Ryzenfall, and Fallout take several months to fix. Hardware vulnerabilities such as Chimera cannot be fixed and require a workaround,” CTS Labs reports. “Producing a workaround may be difficult and cause undesired side-effects.”

These vulnerabilities fall into four categories, dubbed Ryzenfall, Fallout, Masterkey, and Chimera. All four lead directly into the secure portion of AMD processors, where sensitive data like passwords and encryption keys are stored, but they achieve their goals in different ways.

“Attackers could use Ryzenfall to bypass Windows Credential Guard, steal network credentials, and then potentially spread through even highly secure Windows corporate network,” CTS Lab reports. “Attackers could use Ryzenfall in conjunction with Masterkey to install persistent malware on the Secure Processor, exposing customers to the risk of covert and long-term industrial espionage.”

The real danger of these vulnerabilities is their pervasive nature. Once someone has wormed their way into the secure processor via Ryzenfall or Masterkey, they are there for good. They can set up camp and spread throughout the network virtually undetected. This is a scary prospect for individuals, but for AMD’s enterprise customers, like Microsoft, it could mean the exposure of very sensitive data to malicious actors on a large scale.

Updated on March 20: Added AMD’s firmware release schedule.

Computing

Microsoft will end support for Windows 7 one year from now

Microsoft is set to end extended support for Windows 7 on January 14, 2020, putting a halt on the free bug fixes, and security patches for most who have the operating system installed. 
Computing

2019 could be the year AMD has a full lineup of 7nm Radeon GPUs

AMD just came off the reveal of the worlds first consumer 7nm graphics card, but In a new interview, AMD's chief technology officer hints that 2019 could be the year where it has a full lineup of 7nm Radeon GPUs. 
Home Theater

The best movies on Netflix in December, from 'Buster Scruggs’ to 'Roma'

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Gaming

Still have holiday cash to blow? Grab one of these awesome Xbox One games

More than four years into its life span, Microsoft's latest console is finally coming into its own. From Cuphead to Halo 5, the best Xbox One games offer something for players of every type.
Computing

This ‘computer mouse’ sets the new size standard for portable computing

The Raspberry Pi is an amazingly capable little computer and it's small enough that it can fit just about anywhere. Even in a computer mouse — if you're willing to build a custom chassis for it.
Computing

Change your mouse cursor in Windows with these quick tips

The standard mouse cursor is boring, so change it! With this guide on how to change your mouse cursor in Windows, you can choose to use one of Microsoft's pre-installed cursors or download something a bit more extravagant.
Computing

Go hands-free in Windows 10 with speech-to-text support

Looking for the dictation, speech-to-text, and voice control options in Windows 10? Here's how to set up Speech Recognition in Windows 10 and use it to go hands-free in a variety of different tasks and applications within Windows.
Computing

Printing to PDF in Windows is easy, no matter which method you use

Microsoft's latest operating system makes it easier than ever to print to PDF in Windows, but there are alternative methods for doing so, even if you want to forgo Adobe Acrobat. Here's how.
Computing

Changing a PDF into an EPUB file is easier than you might think

If you like to read on a tablet or ebook reader, you'll find that ePUB files offer a number of advantages over PDFs. With this guide, we'll show you how to convert a PDF to EPUB in a few quick steps.
Computing

Need to combine a PDF? Here's how to get it done on both Windows and Mac

Sometimes juggling multiple files at once is more of a hassle than a convenience, especially when a single file would do. This quick guide will teach you how to combine PDF files on Windows, MacOS, or with online tools.
Computing

Don’t even bother with the rest. Here are the only laptop brands that matter

If you want to buy your next laptop based around a specific brand, it helps to know which the best brands of laptops are. This list will give you a good grounding in the most reliable, quality laptop manufacturers today.
Computing

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.
Computing

Style up your MacBook Air with one of these great cases or sleeves

Whether you’re looking for added protection or a stylish flourish, you’re in the right place for the best MacBook Air cases. We have form-hugging cases, luxurious covers and padded sleeves priced from $10 to $130. Happy shopping!
Computing

Getting Windows 10 updated doesn't have to be so painful

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.