AMD chipset driver has a flaw, users to install security updates as soon as possible

by ·

AMD recommends that Windows users who use their Ryzen 1000 to 3000 series processors install a security update as soon as possible because there is a high-risk vulnerability in the processor chipset driver that can be used by criminals to dump system memory to steal sensitive data.

According to The Report, this vulnerability (CVE-2021-26333) was first discovered by Kyriakos Economou, the co-founder of the cybersecurity company ZeroPeril. It is a vulnerability in the AMD Platform Security Processor (PSP) driver, and this platform security processor can be said to be equivalent to AMD’s technology corresponding to Intel SGX.
AMD Ryzen Amazon
AMD’s platform security processor will create a secure enclave in the AMD processor, that is, a trusted execution environment, to allow the operating system to process and encrypt sensitive data in the memory. The Windows operating system generally interacts with the trusted execution environment through a kernel driver called amdsps.sys.

However, Kyriakos Economou pointed out that he found 2 problems in this driver, which allows non-administrator users to dump system memory and find sensitive data processed by the operating system. Kyriakos Economou, co-founder of security firm ZeroPeril explains:

The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages. For example, these can be used to steal credentials of a user with administrative privilege and/or be used in pass-the-hash style attacks to gain further access inside a network.

Microsoft has introduced monthly security updates, and this update also includes updates to the PSP driver chipset, so AMD also urges users to install it as soon as possible.

Tags: