
CTS-Labs Posts Ryzen Windows Credential Guard Bypass Proof-of-concept Video

This TPU bashing crap needs to stop.

How was I bashing? Which part of my statement can be taken as bashing? I was merely stating my own opinion.

That and the point there still is no valid update on CTS-Labs original "13 world-ending exploits" claim.
 
How was I bashing? Which part of my statement can be taken as bashing? I was merely stating my own opinion. That and the point there still is no valid update on CTS-Labs original "13 world-ending exploits" claim.
Stop trolling please.
 
Most not all. The majority of the script-kiddies out there are of little concern, true, but it's the ones with real skills that are of concern. And there are a lot of them. Do you want to be the nitwit who told their boss it was nothing to worry about and then was victimized by the very same problem? You'd be out of a job so fast it would make your head spin. EVERY vulnerability like this is a serious vulnerability which requires serious attention and consideration. It would be irresponsible, negligent, reckless and unprofessional to treat this with less seriousness than any other system cracking vulnerability.

Enough with the FUD. Try taking off the tin hat and seeing the problems for what they are.

What FUD? Only FUD is from CTS side. It's a TERRIBLE EXPLOIT OH MAH GOD, WAVING WITH HANDS IN THE AIR. And none of these exploits even work without admin rights. LOL? It's more of an inconvenience or a design flaw than an exploit or whatever. Given that AMD has responded with a microcode fix for all of them, I see it as a non-issue. I do still have a problem with how CTS pushed the info out giving AMD just 24 hours, that slandering shit from Viceroy and the fact they keep on making it all about AMD even though what really seems to be the real problem is ASMEDIA, which surprisingly no one seems to talk about much. ASMEDIA chipsets come on Intel boards as well and yet all the focus is on AMD for some dumb reason. But sure, it's my tin hat...
 
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.

What's more disturbing is that they point to lax practices inside AMD and ASMedia in general. I don't like that. Not that that's anything unusual these days, but that's even more disturbing.

Seriously, if you are going to push "hardware security" try and give a shit about how the hardware thinks, please?
 
I'm stating that this is the highest trending topic/news on TPU. I can't call it objective, sorry.

How am I trolling, exactly?
 
It's obvious what CTS is trying to do, so I denounce anything they do. I trust the developer of the arch on fixes before a 3rd party such as CTS.

I wonder if AMD might pursue a lawsuit for libel.
I do hope AMD sues, it would be like a free publicity stunt for them.
 
CTS were just a tool, someone else is behind them. Either Viceroy or someone else.
 
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.
To be fair, Meltdown & Spectre are in the same boat. As with most vulnerabilities, they are difficult for the general user base to pull off, but that is not why they should be taken seriously. These are things that are still possible to pull off and present a distinct danger to data/system security.
 
No, it is not serious. If you are already in a privileged shell, nothing else matters anymore.

You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

CTS were just a tool, someone else is behind them. Either Viceroy or someone else.

They themselves admitted that they're a for-profit company that's paid by stock research firms (not Viceroy, but someone with an identical modus operandi).
 
Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button.
No regular user (in a domain/work network) should/will ever have admin access. In an environment with security protocols in place this is impossible.

(any users in my domain try something like this I'll just have a talk with them and point out the obvious, "you do not click on random stuff/files downloaded from the internet")
 
No regular user (in a domain/work network) should/will ever have admin access.
That is a huge assumption on your part and is incorrect. Additionally, there are fine grained levels of admin access that can and are granted for various tasks within a company/network. Then there are IT admins themselves who often don't use proper security methodologies either out of ignorance or incompetence.
In an environment with security protocols in place this is impossible.
Incorrect again. There are many ways around network security, even in a Unix/Linux based environment.
 
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries.

And yet again, we add a lot of "if" in order to make the CTS-Labs claims viable. Still no "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture" (quote from TPU original post).
 
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries. And yet again, we add a lot of "if" in order to make the CTS-Labs claims viable. Still no "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU micro-architecture" (quote from TPU original post).
You're not getting it. The "if" is at the core of these problems. Just because they are difficult to exploit doesn't mean you can dismiss them as harmless. And if you are, or may become, a target, would you want them fixed or left as-is to be taken advantage of? If you say anything other than "fixed", you are completely unqualified to be offering IT/network security advice and certainly unqualified to be an IT/network administrator. You're lucky you don't work for me. You'd already be out of a job, as the attitude displayed here is completely intolerable.
 
I am lucky indeed, true that.

Just because they are difficult to exploit doesn't mean you can dismiss them as harmless.

vs

"staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture" (quote from TPU original post)

Leaving them "as-is" is something I can't recall I've ever said...
 
Again, if Joe Average in your network has (unrestricted) admin access then Amdflaws is the least of your worries.

Your dank meme generator installer running on elevated privileges will create a remote shell, haxxor then uses Ryzenfall-enhanced mimikatz to see your unhashed admin password. It's cake from there on.
 
OK, I get it. It's a cake.

https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

I quote:

"There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers (see https://www.usenix.org/system/files/1401_08-12_mickens.pdf, Figure 1)

These types of vulnerabilities should not surprise any security researchers; similar flaws have been found in other embedded systems that have attempted to implement security features. They are the result of simple programming flaws, unclear security boundaries, and insufficient security testing. In contrast, the recent Meltdown and Spectre flaws required previously unknown techniques and novel research advances to discover and exploit."

https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

I quote:

The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

I find it weird to have continued discussion on this topic at the same original "staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture" topic, since the magnitude of these issues was played as something they clearly weren't. And this continues even after outside evaluation and AMD's reply. Somehow any bone CTS-Labs throws has so much weight to it...

For a fact, these exploits, based on the POC, would be undeployable in environments I know of.

There are safeguards in place, for a reason.
 
I came back to see if there were any updates here and see the back and forth temper tantrums continue. Why is there even debate anymore? AMD already acknowledged the vulnerabilities in whole. AMD is crafting fixes for those vulnerabilities. If there was no risk there would be no fix but fixes are coming. Are these high risk? No, but there is risk so it needs a fix. Chips have flaws. Intel chips have flaws. AMD chips have flaws. What is so hard to understand and accept?
 
You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Ryzen processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

Ryzen processor detected. Installing malware.

You do realize that software seeking elevated privileges doesn't need you to key in admin password, don't you?

Imagine you're just another desktop PC user running a Coffee Lake processor, and have the average joe's understanding of computers. You download a harmless looking free software (something that makes GIFs, converts videos, etc., to help you post dank memes). You run its installer, the installer seeks elevated privileges (in order to install software). You give it those privileges at the click of a button. That's it. You just gave something from the internet elevated privileges, enough to install a remote shell for a haxxor sitting across the globe, to access your hardware, and plant exploits that survive reboots and re-installs.

Intel processor detected. Abort! Abort!! ABORT!!!



I love it how CTS managed to make the installation of malware synonym to having a Ryzen processor.
Any new videos from CTS for the front page?
 
I'm stating that this is the highest trending topic/news on TPU. I can't call it objective, sorry.

How am I trolling, exactly?
Updated the first sentences in the article, good catch. It's highest trending because it has huge activity in every metric
 
Updated the first sentences in the article, good catch. It's highest trending because it has huge activity in every metric

I don't think there are any CVE IDs for any of these so far, as well.
 
I'm actually of the opinion that as an exploitable issue, these don't amount to much. There are very targeted use cases in which some very select users may be concerned, but that's it.

What's more disturbing is that they point to lax practices inside AMD and ASMedia in general. I don't like that. Not that that's anything unusual these days, but that's even more disturbing.

Seriously, if you are going to push "hardware security" try and give a shit about how the hardware thinks, please?

How do you know they are "lax"? Processors aren't something you throw together in 6 hours. Especially considering Zen was put together from ground up. Just because CTS Labs gave them a ridiculous 24 hour timeframe to address it, that doesn't mean they are incompetent or clueless. Every device has potential issues, it's just a matter of when someone finds them.

Can't say the same for ASMedia. Then again, no one seems to have addressed them specifically as all the focus is on AMD for some dumb reason...
 
CTS were just a tool, someone else is behind them. Either Viceroy or someone else.
Have a look at who owns CTS and Viceroy, it's a fund manager.

The first video on Gamers Nexus about this makes a mention of that, which EVERYONE ignored.
 
While I find the focus on CTS distasteful, the rhetoric and accusations against TPU are something that should have been dealt with a long time ago. TPU has had militants rally against it for a while now (usually in AMD/Nvidia threads) and the constant "TPU is a shill" cry has gone unpunished, until now. If you invite someone into your house and they shit on your carpet - you really ought to kick them out before they've pulled their trousers up.

As for further coverage of CTS labs technical pieces, it should be noted that the majority of TPU members (from what I've seen) are not that tech savvy. This is not my site (nor do I own one) but as Anandtech and others have done, a fair reflection on the merits of CTS background funding and PR roadshow wouldn't go amiss. There is one thing that will be proven in time and that is a very viable path for discrediting this exploit expose:

CTS says it's not fixable
CTS gives AMD 24 hours notice that they have found said exploit.
AMD says a firmware patch will fix it and they are working on it.

so.....

If patch fixes problem, and it does so within 90 days (standard industry timescale for exploit announcement)...
There would be no issue at all. This is the crux of it all: by not giving due time as is normally allowed, CTS have used unfair media leverage to make AMD look bad. If AMD do patch this (apparently unfixable) issue, it makes CTS look like opportunistic little scum bags. This exploit would be history before it was even news, but CTS intentionally released the exploit reveal with as little time as possible for AMD, to make them look crap.

Therefore, all the 'airtime' the tech sites are allowing CTS is actually helping them look better, when we're not giving AMD time to work on it as Google gave Intel (and AMD) when Spectre/Meltdown were discovered.

So, even those doing this :banghead: at those saying there is no flaw: of course there's a flaw, but it could have been dealt with 'properly', and had it been done so (been fixed by AMD), we would not have had all this hyperbolic forum activity.

Is there an exploit? YES. Did CTS stitch AMD up? YES. TPU has not sufficiently asked why that is, that is why there is a great resentment in the forums.
Then again, in 'x' weeks time, if AMD hasn't fixed it, then we can get all pissy again.....

VERY well said..
 