Thursday, March 15th 2018
CTS Labs Posts Some Clarifications on AMD "Zen" Vulnerabilities
CTS-Labs the research group behind the AMD "Zen" CPU vulnerabilities, posted an addendum to its public-release of the whitepaper, in an attempt to dispel some of the criticism in their presentation in the absence of technical details (which they shared with AMD and other big tech firms). In their clarification whitepaper, quoted below, they get into slightly more technical details on each of the four vulnerability classes.
Clarification About the Recent Vulnerabilities
[CTS Labs] would like to address the many technical points and misunderstandings with a few technical clarifications about the vulnerabilities. The vulnerabilities described in our site are second-stage vulnerabilities. What this means is that the vulnerabilities are mostly relevant for enterprise networks, organizations and cloud providers.
Computers on enterprise networks occasionally get compromised - whether through phishing attempts, zero-day exploits or employees downloading the wrong file. High-security enterprise networks are equipped to deal with these kinds of "every-day" attacks. They do this by keeping their systems up to date, enabling security features, and employing additional measures such as endpoint security solutions.
The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.
The only thing the attacker would need after the initial local compromise is local admin privileges and an affected machine. To clarify misunderstandings - there is no need for physical access, no digital signatures, no additional vulnerability to reflash an unsigned BIOS. Buy a computer from the store, run the exploits as admin - and they will work (on the affected models as described on the site).
Attackers in possession of these vulnerabilities would receive the following additional capabilities:
These are the machines we have tested the vulnerabilities on. On our site, every red circle in the vulnerabilities map represents a working PoC that was tested in our lab.
This is the list of hardware that has been tested in our lab:
Requirements
Requirements:
The MASTERKEY set of vulnerabilities enable an attacker to execute unsigned code inside the PSP. Totaling a complete compromise of the Secure Processor. The exploit reflashes the BIOS to take advantage of the vulnerability:
Requirements:
The CHIMERA set of vulnerabilities are a set Manufacturer Backdoors left on the AMD Chipset, developed by Taiwanese company ASMedia.
Source:
Safe Firmware
[CTS Labs] would like to address the many technical points and misunderstandings with a few technical clarifications about the vulnerabilities. The vulnerabilities described in our site are second-stage vulnerabilities. What this means is that the vulnerabilities are mostly relevant for enterprise networks, organizations and cloud providers.
Computers on enterprise networks occasionally get compromised - whether through phishing attempts, zero-day exploits or employees downloading the wrong file. High-security enterprise networks are equipped to deal with these kinds of "every-day" attacks. They do this by keeping their systems up to date, enabling security features, and employing additional measures such as endpoint security solutions.
The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.
The only thing the attacker would need after the initial local compromise is local admin privileges and an affected machine. To clarify misunderstandings - there is no need for physical access, no digital signatures, no additional vulnerability to reflash an unsigned BIOS. Buy a computer from the store, run the exploits as admin - and they will work (on the affected models as described on the site).
Attackers in possession of these vulnerabilities would receive the following additional capabilities:
- Persistency: Attackers could load malware into the AMD Secure Processor before the CPU starts. From this position they can prevent further BIOS updates and remain hidden from security products. This level of persistency is extreme - even if you reinstall the OS or try to reflash the BIOS - it won't work. The only way to remove the attacker from the chip, would be to start soldering out chips. (we have seen a motherboard that had a socket where you can switch chips - then you could just put a new SPI chip).
- Stealth: Sitting inside the AMD Secure Processor or the AMD Chipset is, at the moment, outside the reach of virtually all security products. AMD chips could become a safe haven for attackers to operate from.
- Network Credential Theft: The ability to bypass Microsoft Credentials Guard and steal network credentials, for example credentials left by the IT department on the affected machine. We have a PoC version of mimikatz that works even with Credential Guard enabled. Stealing domain credentials could help attackers to move to higher value targets in the network.
- Specific AMD Secure Processor features for cloud providers, such as Secure Encrypted Virtualization, could be circumvented or disabled by these vulnerabilities.
These are the machines we have tested the vulnerabilities on. On our site, every red circle in the vulnerabilities map represents a working PoC that was tested in our lab.
This is the list of hardware that has been tested in our lab:
- BIOSTAR B350 GT3 Ryzen Motherboard.
- GIGABYTE AB350-GAMING 3
- HP EliteDesk 705 G3 SFF Ryzen Pro machine
- HP Envy X360 Ryzen Mobile Laptop
- TYAN B8026T70AV16E8HR EPYC SERVER
- GIGABYTE MZ31-AR0 EPYC SERVER
Requirements
- Physical access is not required. An attacker would only need to be able to run an EXE with local admin privileges on the machine.
- Write to SMM memory, leading to code execution in SMM.
- Reading and/or tampering with Credential Guard VTL-1 memory through the PSP.
- Ryzenfall-4, which achieves code execution inside the PSP, leads to all the attacker capabilities described above, as well as the capability to tamper with the PSP and its security features.
- An attacker can use RYZENFALL or FALLOUT to bypass Windows Credential Guard, steal network credentials, and then use these to move laterally through Windows-based enterprise networks
Requirements:
- Physical access is not required. An attacker would only need to be able to run an EXE with local admin privileges on the machine.
- Wait for reboot.
The MASTERKEY set of vulnerabilities enable an attacker to execute unsigned code inside the PSP. Totaling a complete compromise of the Secure Processor. The exploit reflashes the BIOS to take advantage of the vulnerability:
- On some motherboards - this works out of the box. This is because PSP firmware is often ignored by BIOS signature checks.
- In other cases - RYZENFALL #1-2 could be used as a prerequisite for MASTERKEY to achieve code execution in SMM and bypass BIOS signature checks made in SMM code.
- Even if all else fails, we believe using RYZENFALL-4 to write to SPI flash from inside the PSP is probably possible.
Requirements:
- Physical access is not required. An attacker would only need to be able to run an EXE with local admin privileges on the machine.
The CHIMERA set of vulnerabilities are a set Manufacturer Backdoors left on the AMD Chipset, developed by Taiwanese company ASMedia.
- This allows for an attacker to inject malicious code into the chip and take over the chipset (Read/Write/Execute).
- One set of backdoors in implemented in firmware, while the other is implemented in the actual logic gates of the chip (ASIC). Both yield to the same impact.
89 Comments on CTS Labs Posts Some Clarifications on AMD "Zen" Vulnerabilities
totally could't patch this at ring0 either...
or hey lets not allow mounting /uefi as rw in linux
or I don't know maybe just get AMD the month it would have taken to patch this instead of declaring it was unpatchable to short stock
But I will tell you this, if I had to draw that Venn diagram of someone stupid enough, and just savvy enough I bet your would be in the overlap.
so yea
and I pretty much covered debucking cts's claims already
bios write protect is usually defaulted to on if its not it can be enabled
this is totally patchable by microsoft at there level via ring0 or kernel patch/fixing the borked driver
a bios update would address all of this
and again if you have administrative access you are already PWN3D everything on the machine is now tainted everything done on the machine is tainted all passwords and logins should be considered compromised
the whole issue is that the bugs in question are presented in such as way as to generate maximum fud/drama and or make amd look bad (which they really don't need any help with)
-
btw intel's ME has been known for a long time to have the same kind of exploites
Going back to topic, AMD hasnt confirmed or denied the flaws yet, so this is still relevant.
still not good but there's more to come yet imo.
As long as the story is based on valid information. It leaves us the reader the right to make our own judgements on whatever we read.
If they decide to use resources on such an article, well I'm pretty sure they can monitor there web traffic and I bet can make a decision on putting more effort in updating the article.
So why give them a hard time for posting news thats out there. If it bothers you don't read it.
Now My opinion on CTS releasing the information to public to speed up patches is absurd. Not only does AMD have to make patches, they have to make sure there patches are going to work with tons of different hardware configurations. I'm pretty sure this will take time. Pirates or hackers have one goal and one target and I'm pretty sure software compatibility with the hardware isn't a concern.
Now if ALL these vulnerabilities need admin privileges, well to me there has to be an alternative motive for CTS. And if that is the case lets hope they get spanked with some legal action that sticks.
I started laughing really hard when I read the exploits, almost fell out of my chair!
www.extremetech.com/computing/265695-cts-labs-responds-allegations-bad-faith-amd-security-disclosures-digs-deeper-hole#disqus_thread
Feel free to read this guide , How to flash Modded Bios (Yep So damn many hard STEP ):
puissanceled.com/vrac/Bios_modding/EN.html
Edit : oh i forgot something ,on my ASUS Prime X370 Pro , i updated Bios but I can't revert back to Old Bios, This does Not allow me ,I don't know it's ASUS or New Version of AMD AGESA 1.0.0.6
Also, most of these still seem to require physicall access so.
Edit, quoted wizz by mistake.
*) There have been ways to do privilege escalation.
Note: I'm not commenting on the validity of the claimed vulnerabilities by CTS-Labs. I would encourage everyone to remain skeptical and wait for potential evidence.
Every CPU has flaws. Live with it. It's so complex and the focus is more on performance then hardened security.
However it suprises me that the Ryzen pro has these simular flaws, when bios is modded. Ryzen pro is being sold as a 'safer' CPU compared to normal ryzen.
www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs