On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in "ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms" from researchers at ETH Zurich. The research demonstrates performing Rowhammer attacks on DDR4 and DDR5 memory using AMD "Zen" platforms. Given the history around Rowhammer, the researchers do not consider these rowhammering attacks to be a new issue.

Mitigation
AMD continues to assess the researchers' claim of demonstrating Rowhammer bit flips on a DDR5 device for the first time. AMD will provide an update upon completion of its assessment.

A team of academic researchers has uncovered a critical vulnerability in Apple M-series CPUs targeting data memory-dependent prefetcher (DMP) that could allow attackers to extract secret encryption keys from Macs. The flaw, called GoFetch, is based on the microarchitecture design of the Apple Silicon, which means that it cannot be directly patched and poses a significant risk to users' data security. The vulnerability affects all Apple devices powered by M-series chips, including the popular M1 and M2 generations. The M3 generation can turn a special bit off to disable DMP, potentially hindering performance. The DMP, designed to optimize performance by preemptively loading data that appears to be a pointer, violates a fundamental requirement of constant-time programming by mixing data and memory access patterns. This creates an exploitable side channel that attackers can leverage to extract secret keys.

To execute the GoFetch attack, attackers craft specific inputs for cryptographic operations, ensuring that pointer-like values only appear when they have correctly guessed bits of the secret key. By monitoring the DMP's dereference behavior through cache-timing analysis, attackers can verify their guesses and gradually unravel the entire secret key. The researchers demonstrated successful end-to-end key extraction attacks on popular constant-time implementations of both classical and post-quantum cryptography, highlighting the need for a thorough reevaluation of the constant-time programming paradigm in light of this new vulnerability.

An emergency update is being pushed for Surveillance Center in response to a severe vulnerability detected in the software that could potentially allow an attacker to gain control elevated privileges to execute code on ADM to install malware. This update fixes this underlying vulnerability. ASUSTOR strongly urges all users of Surveillance Center for ADM to install the latest version as soon as possible to protect themselves and to minimize the risk of malware infection. ASUSTOR also recommends taking additional security measures to guard against the potential harms of malware in accordance with previously announced protective measures.

ASUSTOR strongly recommends taking the following actions to ensure your data is secure:

• Change your password.
• Use a strong password.
• Change default HTTP and HTTPS ports. Default ports are 8000 and 8001 respectively.
• Turn off Terminal/SSH and SFTP services and other services you do not use.
• Make regular backups and ensure backups are up to date.
• Turn on and update snapshots if available.
• Enable the AbuseIPDB risk detection greylist.

New York-based security firm Trail of Bits has identified a security vulnerability with various GPU models, which include AMD, Qualcomm, and Apple. This vulnerability, named LeftoverLocals, could potentially allow attackers to steal large amounts of data from a GPU's memory. Mainstream client-GPUs form a sizable chunk of the hardware accelerating AI and LLMs, as they cost a fraction of purpose-built data-center GPUs, and are available in the retail market. Unlike CPUs, which have undergone extensive hardening against data leaks, GPUs were primarily designed for graphics acceleration and lack similar data privacy architecture. To our knowledge, none of the client GPUs use virtualization with their graphics memory. Graphics acceleration in general is a very memory sensitive application, and requires SIMD units to have bare-metal access to memory, with as little latency as possible.

First the good news—for this vulnerability to be exploited, it requires the attacker to have access to the target device with the vulnerable GPU (i.e. cut through OS-level security). The attack could break down data silos on modern computers and servers, allowing unauthorized access to GPU memory. The potential data breach could include queries, responses generated by LLMs, and the weights driving the response. The researchers tested 11 chips from seven GPU makers and found the vulnerability in GPUs from Apple, AMD, and Qualcomm. While NVIDIA, Intel, and Arm first-party GPUs did not show evidence of the vulnerability, Apple, Qualcomm, and AMD confirmed to wired that their GPUs are affected, and that they're working on a security response. Apple has released fixes for its latest M3 and A17 processors, but older devices with previous generations of Apple silicon remain vulnerable. Qualcomm is providing security updates, and AMD plans to offer mitigations through driver updates in March 2024.

Binarly's research team has discovered a collection of security vulnerabilities known as "LogoFAIL", which affects image parsing components within the UEFI firmware of a wide array of devices. These vulnerabilities are especially concerning because they are embedded within the reference code provided by Independent BIOS Vendors (IBVs), affecting not just a single vendor but a broad spectrum of devices that utilize this code. LogoFAIL is particularly dangerous because it allows attackers to bypass crucial security measures such as Secure Boot and Intel Boot Guard by executing a payload during the device's boot process. This is achieved by storing malicious images on the EFI System Partition or within unsigned sections of firmware updates. This method can compromise system security deeply without altering the runtime integrity of the bootloader or firmware, unlike other threats such as BlackLotus or BootHole.

The potential reach of LogoFAIL vulnerability is rather wide, with millions of consumer and enterprise-grade devices from various vendors, including ones like Intel, Acer, and Lenovo, being vulnerable. The exact list of affected devices is still undetermined, but the prevalence of the IBVs' code across numerous devices suggests that the impact could be widespread, with both Windows and Linux users being affected. Only PCs that don't allow any logotype displayed in the UEFI during the boot process are safe. Apple's Macs are secure as they don't allow any add-on images during boot, and some OEM prebuilt PCs, like the ones from Dell, don't allow images in the UEFI. Some makers like Lenovo, AMI, and Insyde have already published notes about cautiously uploading custom images to the UEFI and providing BIOS updates. Consumers and enterprises must check with their OEMs and IBVs for BIOS microcode updates to patch against this vulnerability.Below, you can see the proof of concept in a YouTube video.

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.

Hardware cybersecurity pioneer and industrial NAND storage specialist, Flexxon, today announced the launch of its latest security product, Xsign. Now available globally, the Xsign provides enhanced security through an innovative approach to unlocking sensitive data reserved only for authorized personnel.

With the use of the Xsign hardware security key, organisations will be provided with a tailored software platform that syncs only with the Xsign key, thereby granting access to pre-defined users. Beyond its function as a security key, the Xsign also operates as a traditional storage card, equipped with Flexxon's industry leading reliability and performance. Key beneficiaries of the solution include industries that handle personal and sensitive data like the healthcare, finance, and government and defense sectors.

Intel has recently revealed a security vulnerability named Downfall (CVE-2022-40982) that impacts multiple generations of Intel processors. The vulnerability is linked to Intel's memory optimization feature, exploiting the Gather instruction, a function that accelerates data fetching from scattered memory locations. It inadvertently exposes internal hardware registers, allowing malicious software access to data held by other programs. The flaw affects Intel mainstream and server processors ranging from the Skylake to Rocket Lake microarchitecture. The entire list of affected CPUs is here. Intel has responded by releasing updated software-level microcode to fix the flaw. However, there's concern over the performance impact of the fix, potentially affecting AVX2 and AVX-512 workloads involving the Gather instruction by up to 50%.

Phoronix tested the Downfall mitigations and reported varying performance decreases on different processors. For instance, two Xeon Platinum 8380 processors were around 6% slower in certain tests, while the Core i7-1165G7 faced performance degradation ranging from 11% to 39% in specific benchmarks. While these reductions were less than Intel's forecasted 50% overhead, they remain significant, especially in High-Performance Computing (HPC) workloads. The ramifications of Downfall are not restricted to specialized tasks like AI or HPC but may extend to more common applications such as video encoding. Though the microcode update is not mandatory and Intel provides an opt-out mechanism, users are left with a challenging decision between security and performance. Executing a Downfall attack might seem complex, but the final choice between implementing the mitigation or retaining performance will likely vary depending on individual needs and risk assessments.

A new vulnerability has been discovered in AMD Zen 2 based CPUs by Tavis Ormandy, a Google Information Security researcher. Ormandy has named the new vulnerability Zenbleed—also known as CVE-2023-20593—and it's said to affect all Zen 2 based AMD processors, which means Ryzen 3000, 4000 and 5000-series CPUs and APUs, as well as EPYC server chips. The reason why Zenbleed is of concern is because it doesn't require a potential attacker to have physical access to the computer or server in question and it's said to be possible to trigger the vulnerability via executing a javascript on a webpage. This means that the attack vector ends up being massive, at least when we're talking about something like a webhosting company.

Zenbleed is said to allow a potential attacker to gain access to things like encryption keys and user logins via triggering something called "the XMM Register Merge Optimization2, followed by a register rename and a mispredicted vzeroupper." Apparently this requires some precision for the vulnerability to work, but due to these registers being used system wide, even a sandboxed attacker can gain access to them. AMD has already issued a patch for its EPYC server CPUs, which obviously are the most vulnerable systems in question and the company is planning to release patches for all of its Zen 2 based CPUs before the end of the year. Hit up the source links for more details about Zenbleed.

Researchers at the Technical University of Berlin have published a paper called "faulTPM: Exposing AMD fTPMs' Deepest Secrets," highlighting AMD's firmware-based Trusted Platform Module (TPM) is susceptible to the new exploit targeting Zen 2 and Zen 3 processors. The faulTPM attack against AMD fTPMs involves utilizing the AMD secure processor's (SP) vulnerability to voltage fault injection attacks. This allows the attacker to extract a chip-unique secret from the targeted CPU, which is then used to derive the storage and integrity keys protecting the fTPM's non-volatile data stored on the BIOS flash chip. The attack consists of a manual parameter determination phase and a brute-force search for a final delay parameter. The first step requires around 30 minutes of manual attention, but it can potentially be automated. The second phase consists of repeated attack attempts to search for the last-to-be-determined parameter and execute the attack's payload.

Once these steps are completed, the attacker can extract any cryptographic material stored or sealed by the fTPM regardless of authentication mechanisms, such as Platform Configuration Register (PCR) validation or passphrases with anti-hammering protection. Interestingly, BitLocker uses TPM as a security measure, and faulTPM compromises the system. Researchers suggested that Zen 2 and Zen 3 CPUs are vulnerable, while Zen 4 wasn't mentioned. The attack requires several hours of physical access, so remote vulnerabilities are not a problem. Below, you can see the $200 system used for this attack and an illustration of the physical connections necessary.

Google's internal team Project Zero, dedicated to the discovery and patching of zero-day vulnerabilities in mobile hardware, software, web browsers and open source libraries disclosed a series of vulnerabilities in Samsung's Exynos chipsets featured across a wide range of mobile devices. Four of these critical vulnerabilities allow for internet-to-baseband remote code execution, and testing conducted by Project Zero confirmed that an attacker can compromise a phone at the baseband level with only the victim's phone number. They believe that with sufficient skill an attacker could exploit these vulnerabilities completely silently and remotely. The fourteen other vulnerabilities are related but considered to not be as critical as they require a more extensive setup including a malicious mobile network operator or local access to the targeted device.

Due to the severity of the main four critical vulnerabilities Project Zero has delayed full disclosure on how the exploit works stating:

Due to a very rare combination of level of access these vulnerabilities provide and the speed with which we believe a reliable operational exploit could be crafted, we have decided to make a policy exception to delay disclosure for the four vulnerabilities that allow for Internet-to-baseband remote code execution.

Microsoft today unleashed a slew of updates for its March Patch Tuesday to address around 80 security vulnerabilities in the wild. To begin, Windows 10 patches KB5023696 and KB5023697 address system and security issues in Windows 10 versions 22H2, 21H2, 21H1, 1809, and 1607 as well as Windows Server 2016. These are being deployed as non-optional updates and will be automatically installed via Windows Update (unless you run a modified or locked down install). Windows 10 1507 also received a small patch, KB5023713, which similarly addresses security fixes as well as hyperlinks in Excel.

Microsoft today also releases fixes for two critical zero-day vulnerabilities that were being actively exploited as far back as April of 2022. The two exploited vulnerabilities are CVE-2023-23397 and CVE-2023-24880. CVE-2023-23397 is an elevated privilege attack that allows crafting special emails that can force a target's device to connect to remote URLs and transmit the Windows account's Net-NTLMv2 hash. CVE-2023-24880 is a Windows SmartScreen vulnerability that can be exploited to create executables which bypass the Windows Mark of the Web security warning.

Phoenix Technologies, a leading independent firmware supplier for PCs and computing devices, has launched FirmGuard, a cyber security product to address firmware vulnerability. Firmware is the software that connects a device's microchips to the operating system.

Phoenix Technologies is the first UEFI (Unified Extensible Firmware Interface) vendor to offer an enterprise cyber security product. FirmGuard is a cloud-based service, which has been initially targeted at managed service providers (MSPs). It will also be offered to large enterprise and government organizations.

After a thorough investigation and verification process, QNAP Systems, Inc. (QNAP) today addressed vulnerability CVE-2021-36260 of Hikvision cameras and provides the following recommendations to QVR Pro and QVR Elite users who may be potentially affected. According to the security advisory by Hikvision, if these cameras are installed in the same LAN network, and this network cannot be accessed externally, attackers will NOT be able to exploit this vulnerability.

Although this vulnerability does not directly influence QNAP surveillance products, it is highly recommended to update the firmware of the cameras listed in the advisory to reduce the possibility of being exposed to potential risks. These risks include, but is not limited to, failure to record from cameras that stop working, or receiving forged data from cameras.

The x86 CPU family has been vulnerable to many attacks in recent years. With the arrival of Spectre and Meltdown, we have seen side-channel attacks overtake both AMD and Intel designs. However, today we find out that researchers are capable of exploiting Intel's latest 10th, 11th, and 12th generation Core processors with a new CPU bug called ÆPIC Leak. Named after Advanced Programmable Interrupt Controller (APIC) that handles interrupt requests to regulate multiprocessing, the leak is claimeing to be the first "CPU bug able to architecturally disclose sensitive data." Researchers Pietro Borrello (Sapienza University of Rome), Andreas Kogler (Graz Institute of Technology), Martin Schwarzl (Graz), Moritz Lipp (Amazon Web Services), Daniel Gruss (Graz University of Technology), and Michael Schwarz (CISPA Helmholtz Center for Information Security) discovered this flaw in Intel processors.

ÆPIC Leak is the first CPU bug able to architecturally disclose sensitive data. It leverages a vulnerability in recent Intel CPUs to leak secrets from the processor itself: on most 10th, 11th and 12th generation Intel CPUs the APIC MMIO undefined range incorrectly returns stale data from the cache hierarchy. In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel. ÆPIC Leak is like an uninitialized memory read in the CPU itself.

A privileged attacker (Administrator or root) is required to access APIC MMIO. Thus, most systems are safe from ÆPIC Leak. However, systems relying on SGX to protect data from privileged attackers would be at risk, thus, have to be patched.

In 2017, the semiconductor world was shocked to discover new vulnerabilities in modern Intel, AMD, and Arm processors. Dubbed Spectre and Meltdown, these exploits used cache-based side-channel attacks to steal information from the system. Today, we are getting a more advanced side-channel vulnerability hidden in every CPU capable of boosting frequencies. Interestingly called "Heartzbleed," the new exploit can steal secret AES cryptographic keys when observing CPU's boost frequencies. The attack works by monitoring the power signature of any cryptographic workload. As with any other element in a CPU, the workload's power varies according to the processor's frequency scaling in different situations. Observing this power information can be converted into timing data, allowing an attacker to steal cryptographic keys. This is done using Dynamic Voltage Frequency Scaling (DVFS), a part of any modern processor.

Intel and AMD already published that their systems are vulnerable and affected by Heartzbleed exploit. It is labeled Intel-SA-00698 ID and CVE-2022-24436 ID for Intel CPUs and CVE-2022-23823 for AMD CPUs. It affects all Intel processors, and Zen 2 and Zen 3 AMD CPUs. The attacker can exploit this vulnerability remotely without requiring physical access. Intel and AMD will not offer microcode mitigations that should prevent this type of exploit from executing successfully. Additionally, Intel stated that this attack is not very practical outside of laboratory research, as it allegedly takes hours to days to steal cryptographic keys. The performance penalty for mitigating this attack ranges from high to low, depending on the type of implementation.

Apple M1 chips are a part of the Apple Silicon family that represents a new transition to Arm-based cores with new power and performance targets for Apple devices. A portion of building a processor is designing its security enclave, and today we have evidence that M1 processors got a new vulnerability. The PACMAN is a hardware attack that can bypass Pointer Authentication (PAC) on M1 processors. Security researchers took an existing concept of Spectre and its application in the x86 realm and now applied it to the Arm-based Apple silicon. PACMAN exploits a current software bug to perform pointer authentication bypass, which may lead to arbitrary code execution.

The vulnerability is a hardware/software co-design that exploits microarchitectural construction to execute arbitrary codes. PACMAN creates a PAC Oracle to check if a specific pointer matches its authentication. It must never crash if an incorrect guess is supplied and the attack brute-forces all the possible PAC values using the PAC Oracle. To suppress crashes, PAC Oracles are delivered speculatively. And to learn if the PAC value was correct, researchers used uArch side channeling. In the CPU resides translation lookaside buffers (TLBs), where PACMAN tries to load the pointer speculatively and verify success using the prime+probe technique. TLBs are filled with minimal addresses required to supply a particular TLB section. If any address is evicted from the TLB, it is likely a load success, and the bug can take over with a falsely authenticated memory address.

Internet services provider Cloudflare has announced that it has successfully protected one of its clients from one of the most powerful DDoS (Distributed-Denial-of-Service) attacks in history. According to the services provider, an undisclosed cryptocurrency platform was targeted by a botnet comprising around 6,000 "zombie" computers distributed throughout 112 different countries. The botnet ultimately generated a collective 15.3 million requests per second. While that's still shy of the largest recorded metric - set at 17.2 million requests per second - the fact that the DDoS attack occurred through HTTPS likely pushed its complexity above the record-setting attack, due to the higher computational workload of secure HTTP. The attack lasted 15 seconds.

DDoS attacks aim to flood a network with requests and data packets in a bid to overload and paralyze it. The attack also showcases the ingenuity of bad actors, as the originated from cloud-based ISPs, as attackers leverage more complex and capable networking hardware than what's usually offered by last-mile ISPs. According to Cloudflare, the botnet seems to have mostly compromised systems with Java-based applications that were still open to the recently-discovered CVE-2022-21449 vulnerability.

The US Cybersecurity and Infrastructure Security Agency, or CISA, is advising consumers and businesses to retire a whole range of D-Link routers, due to the devices being EOL. This is due to a severe vulnerability that affects the devices that goes under the CVE-ID of CVE-2021-45382. This is a remote command execution (RCE) vulnerability and it's not likely to get patched by D-Link and is considered serious enough that these devices should be taken offline post-haste. The vulnerability would allow an attacker to take over these devices using "diagnostic hooks" in the ncc2 service, which is tied to the DDNS function and would allow an attacker to gain full access by injecting malicious code.

Proof of concept code already exists on GitHub, which makes the likelihood of this attack vector being used even more likely. The known affected devices so far are the D-Link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L and all hardware revisions are affected. Most of these routers were released around 2012 to 2014 and are either 802.11n or 802.11ac devices based on what appears to be Realtek or Ralink (now MediaTek) hardware. These aren't the only devices that CISA has given advice on recently, as the D-Link DIR-610 and DIR-645, as well as the Netgear DGN2200 are also devices that CISA recommends retirement for.

Intel is expanding its Bug Bounty program with Project Circuit Breaker, bringing together a community of elite hackers to hunt bugs in firmware, hypervisors, GPUs, chipsets and more. Project Circuit Breaker broadens and deepens Intel's existing open Bug Bounty program by hosting targeted time-boxed events on specific new platforms and technologies, providing training and creating opportunities for more hands-on collaboration with Intel engineers. Project Circuit Breaker's first event, Camping with Tigers, is already underway with a group of 20 researchers who received systems with Intel Core i7 processors (formerly "Tiger Lake").

Project Circuit Breaker is possible thanks to our cutting-edge research community. This program is part of our effort to meet security researchers where they are and create more meaningful engagement. We invest in and host bug bounty programs because they attract new perspectives on how to challenge emerging security threats - and Project Circuit Breaker is the next step in collaborating with researchers to strengthen the industry's security assurance practices, especially when it comes to hardware. We look forward to seeing how the program will evolve and to introducing new voices to the meaningful work that we do."
-Katie Noble, director, Intel Product Security Incident Response Team (PSIRT) and Bug Bounty

Intel's fourth-generation Core processors, codenamed Haswell, are subject to new security exploits. According to the company, a vulnerability exists inside the graphics controller of 4th generation Haswell processors, happening once the DirectX 12 API loading occurs. To fix the problem, Intel has found that disabling this API results in a fix. Starting with Intel graphics driver 15.40.44.5107 applications that run exclusively on DirectX 12 API no longer work with the following Intel Graphics Controllers: Intel Iris Pro Graphics 5200/5100, HD Graphics 5000/4600/4400/4200, and Intel Pentium and Celeron Processors with Intel HD Graphics based on 4th Generation Intel Core.

"A potential security vulnerability in Intel Graphics may allow escalation of privilege on 4th Generation Intel Core processors. Intel has released a software update to mitigate this potential vulnerability. In order to mitigate the vulnerability, DirectX 12 capabilities were deprecated." says the Intel page. If a user with a Haswell processor has a specific need to run the DirectX 12 application, they can downgrade their graphics driver to version 15.40.42.5063 or older.

The x86 instruction set architecture has experienced many issues, and today's announcement is no exception. Yesterday morning, the Linux kernel received an urgent set of patches that are supposed to fix "yet another hardware trainwreck," as Thomas Gleixner, the kernel developer, describes. This time, the problem occurs with the high precision event timer (HPET) that stops once x86 processors reach PC10 idle state. In that event, the timer stops even when the OS/kernel uses it and could potentially cause a vulnerability inside a processor that an attacker can exploit. The problem has been known for quite a while since, in 2019, the Linux kernel started removing HPET functionality from some Intel processors.

The priority of this patch for Linux Kernel version 5.15-rc5 is high and marked as an urgent update. A reliable hardware timer and an interrupt are a must for the proper function of a processor. The hardware fix for this will not happen soon, so the Linux kernel has to adapt to it and create a solution at the software level. According to Mr. Gleixner, "The probability that this problem is going to be solved in the forseeable future is close to zero, so the kernel has to be cluttered with heuristics to keep up with the ever growing amount of hardware and firmware trainwrecks. Hopefully some day hardware people will understand that the approach of "This can be fixed in software" is not sustainable. Hope dies last..."

Cybersecurity researchers Saidgani Musaev and Christof Fetzer with the Dresden Technology University discovered a novel method of forcing illegal data-flow between microarchitectural elements on AMD processors based on the "Zen+" and "Zen 2" microarchitectures, titled "Transient Execution of Non-canonical Accesses." The method was discovered in October 2020, but the researchers followed responsible-disclosure norms, giving AMD time to address the vulnerability and develop a mitigation. The vulnerability is chronicled under CVE-2020-12965 and AMD Security Bulletin ID "AMD-SB-1010."

The one-line summary of this vulnerability from AMD reads: "When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and store using only the lower 48 address bits, potentially resulting in data leakage." The researchers studied this vulnerability on three processors, namely the EPYC 7262 based on "Zen 2," and Ryzen 7 2700X and Ryzen Threadripper 2990WX, based on "Zen+." They mention that all Intel processors that are vulnerable to MDS attacks "inherently have the same flaw." AMD is the subject of the paper as AMD "Zen+" (and later) processors are immune to MDS as demonstrated on Intel processors. AMD developed a mitigation for the vulnerability, which includes ways of patching vulnerable software.

Find the security research paper here (PDF), and the AMD security bulletin here. AMD's mitigation blueprint can be accessed here.

Remember that hideous, remotely exploitable vulnerability on Windows' Print Spooler service, which would enable remote attackers to run code with administrator privileges on your machine? Well, Microsoft seems to be waking up from this particular instance of PrintNightmare, as the company has already issued critical, out-of-band security updates (meaning that they're outside Microsoft's cadenced patch rollout) for several versions of windows. Since the Print Spooler service runs by default and is an integral part of Windows releases (likely since the NT platform development), Microsoft has even pushed out patches to OSs that aren't currently supported.

Microsoft has issued correctives for Windows Server 2019, Windows Server 2012 R2, Windows Server 2008, Windows 8.1, Windows RT 8.1, a variety of supported versions of Windows 10, and even Windows 7. As per Microsoft, Windows Server 2012, Windows Server 2016, and Windows 10 Version 1607 products are still missing the security patches, but they're being actively worked on and should be released sooner rather than later. The security patches include mitigations for both the PrintNightmare issue (CVE-2021-34527), as well as another Print Spooler vulnerability that's been previously reported (CVE-2021-1675). The mitigations are being distributed via Windows Update, as always, and the relevant packages are KB5004945 through KB5004959 (depending on your version of Windows).

Microsoft has acknowledged the existence of a severe and currently unpatched vulnerability in Windows' Print Spooler service (CVE-2021-34527). The vulnerability affects all versions of Windows, and is being actively exploited as per Microsoft. Poetically named "PrintNightmare", the vulnerability was published earlier this week as a PoC (Proof of Concept) exploit by security researchers, which believed the flaw had already been addressed by Microsoft at time of release (the company patched up another Print Spooler vulnerability issue with the June 2021 security patch). The code was made public and quickly scrapped when developers realized it gave would-be bad actors access to an unpatched way into users' systems - but since it's the Internet, the code had already been forked in GitHub.

The vulnerability isn't rated by the Windows developer as of yet, but it's one of the bad ones: it allows attackers to remotely execute code with system-level privileges. This is the ultimate level of security vulnerability that could exist. Microsoft is currently investigating the issue and developing a patch; however, given the urgency in closing down this exploit, the company is recommending disabling of the Windows Print Spooler service wherever possible, or at least disabling inbound remote printing through Group Policy. If you don't have a printer, just disable the service; if you do, please disable the Group Policy as per the steps outlined in the image below.