PSP – PSP Oste http://psposte.org/ Fri, 17 Sep 2021 23:01:54 +0000 en-US hourly 1 https://wordpress.org/?v=5.8 https://psposte.org/wp-content/uploads/2021/05/cropped-icon-32x32.png PSP – PSP Oste http://psposte.org/ 32 32 AMD Chipset Vulnerability Leaks Passwords, Fix Available https://psposte.org/amd-chipset-vulnerability-leaks-passwords-fix-available/ https://psposte.org/amd-chipset-vulnerability-leaks-passwords-fix-available/#respond Fri, 17 Sep 2021 23:01:54 +0000 https://psposte.org/amd-chipset-vulnerability-leaks-passwords-fix-available/

AMD has disclosed details of a chipset vulnerability that can allow unprivileged users to read and dump certain types of memory pages in Windows. This technique allows an attacker to steal passwords or activate other types of attacks, including bypassing standard mitigations of KASLR exploitation (aka Specter and Meltdown) (via The record).

Word of the bug came in a coordinated disclosure with Kyriakos Economou, a security researcher and co-founder of ZeroPeril, who exploited the vulnerability to download several gigabytes of sensitive data from affected AMD processors, but in as a non-administrator user. AMD has prepared mitigations which can be downloaded as part of its latest chipset drivers or by using Windows Update to update the AMD PSP driver (update details are below).

AMD initially released the patch several weeks ago, but did not reveal the vulnerabilities that were fixed. This new disclosure answers these questions.