Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

AMD Working on Microcode Updates to Mitigate Spectre Attack

AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs.

AMD has informed customers that it will soon release processor microcode updates that should mitigate one of the recently disclosed Spectre vulnerabilities, and Microsoft has resumed delivering security updates to devices with AMD CPUs.

Shortly after researchers revealed the Spectre and Meltdown attack methods, which allow malicious actors to bypass memory isolation mechanisms and access sensitive data, AMD announced that the risk of attacks against its products was “near zero.”

The company has now provided additional information on the matter, but maintains that the risk of attacks is low.

According to AMD, its processors are not vulnerable to Meltdown attacks thanks to their architecture. They are, however, vulnerable to Spectre attacks.

Spectre attacks are made possible by two vulnerabilities: CVE-2017-5753 and CVE-2017-5715. The former does impact AMD processors, but the chipmaker is confident that operating system patches are sufficient to mitigate any potential attacks.

Microsoft announced a few days ago that it had suspended the delivery of security updates to devices with AMD processors due to some compatibility issues. AMD said the problem affected some older processors, including Opteron, Athlon and Turion families.

Microsoft said on Thursday that it had resumed the delivery of updates to a majority of AMD devices, expect for a “small subset” of older processors. AMD told customers it expects the issue to be corrected for the remaining processors by next week.

As for the second Spectre vulnerability, AMD believes it is difficult to exploit against its products. Nevertheless, the company has been working with operating system vendors to develop patches, and it has also promised to provide optional microcode updates.

Advertisement. Scroll to continue reading.

The microcode updates should become available for Ryzen and EPYC processors in the next days, and for previous generation products sometime over the coming weeks. The updates will be available from system manufacturers and OS vendors.

AMD claims its GPUs are not impacted by the vulnerabilities. NVIDIA also says its GPUs are immune, but the company has still provided some display driver updates to help mitigate the CPU flaws.

Intel has already released patches, including processor microcode updates, for many of its processors. Linux users can install the microcode updates through the operating system’s built-in mechanism.

The fixes for the Spectre and Meltdown vulnerabilities appear to cause problems on some systems. Ubuntu users complained that their devices failed to boot after installing updates, forcing Canonical to release a new kernel update to address the issue.

Intel has also become aware of reports that systems with Broadwell and Haswell CPUs reboot more often as a result of the patches.

“We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue,” the company stated.

Related: IBM Starts Patching Spectre, Meltdown Vulnerabilities

Related: Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches

Related: Lawsuits Filed Against Intel Over CPU Vulnerabilities

Related: Industry Reactions to Meltdown, Spectre Attacks

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...