Giveaway of the Day Forums

1. 

   mikiem2
   Moderator

   wired[.]com/story/amd-chip-sinkclose-flaw/?s=31

   tomshardware[.]com/pc-components/cpus/sinclose-vulnerability-affects-hundreds-of-millions-of-amd-processors-enables-data-theft-amd-begins-patching-issue-in-critical-chip-lines-more-to-follow

   bleepingcomputer[.]com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

   amd[.]com/en/resources/product-security/bulletin/amd-sb-7014.html

   Malware is designed to escape detection and stick around -- its masters want the infection to last forever so they can continue to use the device they've taken over. Antivirus software OTOH wants to detect malware and remove it. The only way for malware to completely evade AV software is to infect the PC outside of Windows, because that's where AV software lives. When you turn on a PC the BIOS is the 1st thing that starts, and its mini OS starts the boot loader that Windows devices store on the EFI partition. Both are ideal targets for malware, and fortunately, both are hard to infect.

   The newly discovered vulnerability, called Sinkclose by the researchers that discovered it, and SMI Lock Bypass by AMD, allows cyber-criminals that have already infected a PC to further infect the BIOS. It's not an easy attack, & at least at first, home users are less likely to see it -- eventually less advanced &/or skilled criminals may get access to a tool developed by state sponsored cyber-criminals for example, which has happened in the past. The pair of security researchers have not released their code [proof of concept] at AMD's request, and AMD has developed a fix that it's making available to manufacturers to incorporate in new BIOS firmware. You do want to watch for and install the new firmware as soon as it's available -- according to the researchers, if your BIOS becomes infected via this attack, the only user accessible cure is replacement, meaning a new device or at least a new motherboard.

   The bottom link above leads to AMD's site, where they list the CPUs and the AGESA version containing the fix. That can be important -- the manufacturer of the motherboard in this PC does not give a thorough explanation of what's new in a BIOS firmware update, but they do list the AGESA version.

   wikipedia[.]org/wiki/AGESA

   Posted 3 months ago #
2. 

   mikiem2
   Moderator

   AMD originally did not list any patches for earlier Ryzen CPUs -- those patches are supposed to be released to manufacturers to [hopefully] include in new BIOS firmware tomorrow, 8/20/24.

   Posted 3 months ago #
3. 

   mikiem2
   Moderator

   Patched firmware was available for the Gigabyte motherboard in this PC at the end of August -- still waiting on patched firmware for the Asus board in my wife's PC. Gigabyte has been pretty good about updating the BIOS in this now 6 year old board, which unfortunately they make up for with poor quality control -- 4 or 5 BIOS updates have been keepers, out of 18, though I can't say for sure yet if this latest BIOS is another fail, or if it's Microsoft's fault. Can't enable Secure Boot importing/loading the factory keys, which could be just a bad BIOS update, or something to do with the way that Microsoft's been slowly & steadily hardening the attack surface of Windows boot loader, taking control over approved and disallowed secure boot keys. I'm not overly concerned, since I suspect I'll wind up turning off secure boot anyway if/when Microsoft forces what seems to me an unworkable solution to one of secure boot's weaknesses, so I'm just reporting my experience so far. And so far there do not *seem* to be any performance costs to the patched firmware.

   Posted 2 months ago #
4. 

   mikiem2
   Moderator

   FWIW, Gigabyte released another BIOS update for my board, and I can confirm it was Gigabytes error, not Microsoft's updates preventing me from using Secure Boot.

   Posted 2 months ago #

RSS feed for this topic

Reply

You must log in to post.