Security News

Microsoft has pulled an AMD driver from Windows Update after numerous people reported that it prevents Windows 10 from starting and displays an "INACCESSIBLE BOOT DEVICE" error. When hardware manufacturers release new drivers for Windows 10, they get added to the Windows Update as an optional driver update that users can install.

A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system - desktops, laptops, cloud servers, and smartphones - once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.

Version 90 of Google's Chrome browser includes a bit of extra security for users of recent versions of Windows and the latest x86 processors, in the form of hardware-enforced stack protection. This basically means that, if your PC supports it, it's a bit harder for malicious websites to exploit bugs in Chrome to hijack your computer.

ASUS announced the introduction of a comprehensive server portfolio based on the latest AMD EPYC 7003 series processors. The new ASUS RS720A, RS700A, RS520A and RS500A-E11 series servers offer refreshed designs based on both dual-socket and single-socket AMD EPYC 7003 series processors.

This new portfolio of HPE ProLiant servers and HPE Apollo systems uses the 3rd Gen AMD EPYC processor to provide foundational compute platforms that deliver unmatched performance, security, automation, and remote management capabilities to support a range of critical workloads that are essential to digital transformation. "HPE is addressing these dynamic market needs every step of the way with high-performing solutions that can scale, secure and efficiently run workloads to speed time-to-value," said Neil MacDonald, senior vice president and general manager, Compute Business Group at HPE. "Through our longtime collaboration and joint engineering with AMD, we are delivering the biggest and broadest portfolio of computing solutions, using the new 3rd Gen AMD EPYC processor, to transform infrastructure and provide the economics, agility and ease of management that is critical to tomorrow's data center needs."

Chipmaker AMD on Monday announced the launch of its new EPYC 7003 series server processors - codenamed Milan - and the company has shared some information about new and improved security features. The new CPUs are based on the Zen 3 architecture and AMD says they bring significantly improved performance for enterprise, cloud and HPC workloads.

Microsoft is integrating its Pluton security processor directly into Intel, AMD, and Qualcomm CPUs to better secure Windows PCs. Windows 10 gains enhanced security by utilizing specialized chips called Trusted Platform Modules to provide hardware-based security functions. Microsoft is now partnering with Intel, AMD, and Qualcomm to introduce the Pluton security processor as an on-die chip in their CPUs.

Sharing its findings with The Hacker News, a group of academics from the Graz University of Technology and CISPA Helmholtz Center for Information Security finally revealed the exact reason behind why the kernel addresses are cached in the first place, as well as presented several new attacks that exploit the previously unidentified underlying issue, allowing attackers to sniff out sensitive data. The new research explains microarchitectural attacks were actually caused by speculative dereferencing of user-space registers in the kernel, which not just impacts the most recent Intel CPUs with the latest hardware mitigations, but also several modern processors from ARM, IBM, and AMD - previously believed to be unaffected.

Google on Tuesday unveiled the first product in its Google Cloud Confidential Computing portfolio: Confidential VMs. Currently in beta for Google Compute Engine, Confidential VMs are designed to help organizations, particularly ones in regulated industries, protect sensitive data by providing memory encryption capabilities that can be leveraged to isolate cloud workloads. Confidential VMs leverage the Secure Encrypted Virtualization feature in 2nd Gen AMD EPYC processors to ensure that sensitive data remains encrypted at all times, including while it's used, queried or indexed.

An attacker with physical or privileged access to certain AMD powered systems could exploit the flaws to execute arbitrary code or take control of the firmware. AMD, which dubs the flaws "SMM Callout Privilege Escalation" bugs, released a fix for one of the three, CVE-2020-14032, on June 8.