Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

Intel and AMD publish 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products. 

Quantum computing certificate risks

Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products. 

Intel published eight new advisories, including two that describe high-severity vulnerabilities. One of the high-severity issues is a local privilege escalation impacting BIOS firmware for some Intel processors. 

The second is a local privilege escalation that impacts the on-chip debug and test interface in some 4th Generation Intel Xeon processors when using SGX or TDX technology. 

The remaining nine issues have a ‘medium’ or ‘low’ severity rating. Most of them impact processors and their exploitation could lead to information disclosure, denial of service, and local privilege escalation.

One of the information disclosure vulnerabilities, discovered internally by Intel and tracked as CVE-2023-28746, impacts only Atom processors. Named Register File Data Sampling (RFDS), the flaw has been described as a microarchitectural vulnerability that can allow a local attacker to obtain potentially sensitive data from memory. 

The issue has been compared to previously disclosed Microarchitectural Data Sampling (MDS) flaws. 

“At this time, there is no known practical RFDS value injection transient execution attack,” Intel noted.

One of Intel’s advisories covers four medium- and low-severity issues that can lead to DoS attacks, information disclosure, and privilege escalation. They impact the Converged Security Management Engine (CSME) installer, Local Manageability Service software, and Server Platform Servcies (SPS).

Advertisement. Scroll to continue reading.

The chip giant has released microcode updates and other patches that should address these vulnerabilities. 

Many of the flaws were found internally by Intel, which recently reported patching 353 security holes last year.

AMD has published two advisories. One is in response to a newly disclosed microarchitectural vulnerability named GhostRace, which impacts all major CPU makers, as well as Linux and other software. 

Intel does not appear to have mentioned GhostRace in its latest advisories, despite financially supporting the project. 

The second AMD advisory covers a WebGPU browser-based GPU cache side-channel attack method whose details will likely be made public soon by a team of academic researchers. 

“AMD does not believe that any exploit against AMD products is demonstrated by the researchers,” the company said.

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 130 Vulnerabilities

Related: Chipmaker Patch Tuesday: Intel, AMD Address Over 100 Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Cody Barrow has been appointed the new CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

More People On The Move

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Data Protection

By implementing strong security practices,, organizations can significantly reduce the risks associated with lost and stolen computers and safeguard their sensitive information.

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...