PSP – PSP Oste Fri, 17 Sep 2021 23:01:54 +0000 en-US hourly 1 PSP – PSP Oste 32 32 AMD Chipset Vulnerability Leaks Passwords, Fix Available Fri, 17 Sep 2021 23:01:54 +0000

AMD has disclosed details of a chipset vulnerability that can allow unprivileged users to read and dump certain types of memory pages in Windows. This technique allows an attacker to steal passwords or activate other types of attacks, including bypassing standard mitigations of KASLR exploitation (aka Specter and Meltdown) (via The record).

Word of the bug came in a coordinated disclosure with Kyriakos Economou, a security researcher and co-founder of ZeroPeril, who exploited the vulnerability to download several gigabytes of sensitive data from affected AMD processors, but in as a non-administrator user. AMD has prepared mitigations which can be downloaded as part of its latest chipset drivers or by using Windows Update to update the AMD PSP driver (update details are below).

AMD initially released the patch several weeks ago, but did not reveal the vulnerabilities that were fixed. This new disclosure answers these questions.