AMD Rolls Out Spectre Fixes

AMD Rolls Out Spectre Fixes

AMD said that CPU firmware and Windows 10 patches are now available to safeguard its products against the Spectre security flaw.Mark Papermaster, seni

How Russia Hacks You
HackerOne Offers Open Source Projects Free Access to Platform
Experts contend Microsoft canceled Feb. updates to patch NSA exploits

AMD said that CPU firmware and Windows 10 patches are now available to safeguard its products against the Spectre security flaw.

Mark Papermaster, senior vice president and chief technology officer at AMD, said in a Tuesday post that Spectre fixes are available for AMD customers, who can download BIOS updates provided by PC and server manufacturers and motherboard providers.

“These mitigations require a combination of processor microcode updates from our OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows,” said Papermaster.

AMD said that its Spectre microcode updates date back to the first “Bulldozer” core products introduced in 2011.

The chip manufacturer’s announcement parallels Microsoft’s Patch Tuesday updates, which include an operating system update addressing Spectre. These Spectre mitigations are for AMD users running Windows 10 (version 1709) today, said AMD.

Meltdown and Spectre, two security flaws first discovered by Google Project Zero,  account for three variants of a side-channel analysis security issue in server and desktop processors, could potentially allow hackers to access users’ protected data.

While Meltdown breaks down the mechanism keeping applications from accessing arbitrary system memory, Spectre tricks other applications into accessing arbitrary locations in their memory.

Support for the mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing, said AMD.

For Linux users, “AMD recommended mitigations for GPZ Variant 2 were made available to our Linux partners and have been released to distribution earlier this year,” according to Papermaster’s post.

The Spectre and Meltdown security flaws have impacted an array of processors on the market, including those from Intel, ARM and AMD.

Intel in March said it would release microcode updates for all Intel products launched in the past five years, and has introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws.

AMD for its part said that it is only impacted by Spectre – not Meltdown – and Papermaster maintained in the post  that he believes it is difficult to exploit Variant 2 on AMD processors.

“While we believe it is difficult to exploit Variant 2 on AMD processors, we actively worked with our customers and partners to deploy the above described combination of operating system patches and microcode updates for AMD processors to further mitigate the risk,” Papermaster said.

Go to Source

COMMENTS