AMDFLAWS

Do these vulnerabilities require physical access?

No. RYZENFALL, FALLOUT and CHIMERA do not require physical access to exploit. MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.

Do these vulnerabilities require the ability to sign a driver?

No. Our proof-of-concept exploits rely on an already-signed driver supplied by the vendor.

Do these vulnerabilities require the ability to reflash the BIOS?

RYZENFALL, FALLOUT and CHIMERA do not require BIOS re-flashing. MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.

Did you notify AMD only 24 hours before the publication?

Yes, we sent full details about the vulnerabilities to AMD, Microsoft, HP, Dell, and select vendors 24 hours before announcing them to the public. We did not publish technical details about the flaws, to avoid putting users at risk. Right now the public is aware of the vulnerabilities, AMD has been provided full details and is now working on patches, and security vendors have also been given full details and are now developing mitigations.

Why is the paper hosted on safefirmware.com?

For redundancy. We wanted to make sure that the link remains available in the event of a DoS attack against this site.

What is required to exploit the vulnerabilities?

Local machine admin privileges. The vulnerabilities are most harmful in APT situations on enterprise networks.

Why do these vulnerabilities matter if you need admin privileges to exploit them?

The vulnerabilities could be useful to attackers at the different stages of an APT attack against an enterprise network:

1. Persistency: Attackers could load malware into the AMD Secure Processor before the CPU starts. From this position they can prevent further BIOS updates and remain hidden from security products.
2. Stealth: Sitting inside the AMD Secure Processor or the AMD Chipset is, at the moment, outside the reach of virtually all security products. AMD chips could become a safe haven for attackers to operate from.
3. Network Credential Theft: Bypass Microsoft Credential Guard and steal network credentials. We have a PoC version of mimikatz that works even while Credential Guard is enabled.
4. Specific AMD Secure Processor features for cloud providers, such as Secure Encrypted Virtualization, could be circumvented or disabled by these vulnerabilities.

Must an attacker be able to sign a BIOS to exploit MASTERKEY?

No. In most cases, all that's required to exploit MASTERKEY is to run an EXE with local admin privileges. Each MASTERKEY vulnerability could provide attackers with dual capabilities: first, the capability to flash a modified BIOS, which is typically not possible because of UEFI signature verification; and second, the capability to execute code on the Secure Processor itself during boot.
