Cybercriminals are making strides towards attacks with malware that can execute code from the graphics processing unit of a compromised system. In a short post on a hacker forum, someone offered to sell the proof-of-concept for a technique they say keeps malicious code safe from security solutions scanning the system RAM. The seller provided only an overview of their method, saying that it uses the GPU memory buffer to store malicious code and execute code.
Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.
Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no first generation AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and first generation AMD Zen CPUs, which run Windows 10 flawlessly, can no longer upgrade to Windows 11.
Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and AMD Zen CPUs, which run Windows 10 flawlessly, cab no longer upgrade to Windows 11.
Researchers have described a voltage glitching attack that shows AMD's Secure Encrypted Virtualization technology may not provide proper protection for confidential data in cloud environments. The TU Berlin researchers showed that an attacker who has physical access to the targeted system can gain access to SEV-protected VM memory content by launching a voltage fault injection attack on SP. In order to work as intended, integrated circuits need to operate within specific temperature, clock stability, electromagnetic field, and supply voltage ranges.
AMD's Secure Encrypted Virtualization scheme is not as secure as its name suggests. In a paper titled "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualization," Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, and Jean-Pierre Seifert from TU Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack.
Microsoft announced today that they might lower the Windows 11 system requirements to allow Intel 7th generation and AMD Zen 1 CPUs to use the new operating system. Even if your hardware had no problems running Windows 10, Microsoft decided only to allow Intel 8th generation, AMD Zen 2, and Qualcomm 7 and 8 Series processors to be compatible with Windows 11.
Microsoft has pulled an AMD driver from Windows Update after numerous people reported that it prevents Windows 10 from starting and displays an "INACCESSIBLE BOOT DEVICE" error. When hardware manufacturers release new drivers for Windows 10, they get added to the Windows Update as an optional driver update that users can install.
A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system - desktops, laptops, cloud servers, and smartphones - once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.
Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection. This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.