Computer scientists at TU Dresden in Germany have found that AMD's Zen processor family is vulnerable to a data-bothering Meltdown-like attack after all. In a paper [PDF] titled "Transient Execution of Non-Canonical Accesses," released via ArXiv, Saidgani Musaev and Christof Fetzer analyzed AMD Zen+ and Zen 2 chips - namely the Epyc 7262, Ryzen 7 2700X, and the Threadripper 2990WX - and found that they were able to adversely manipulate the operation of the CPU cores.
Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no first generation AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and first generation AMD Zen CPUs, which run Windows 10 flawlessly, can no longer upgrade to Windows 11.
Microsoft announced today that after investigating other potentially compatible processors for Windows 11, they only found one 7th generation Intel CPU to be compatible, and no AMD Zen CPUs. With the new TPM 2.0 requirement and a restricted list of compatible CPUs, many people found that their devices with Intel 7th generation and AMD Zen CPUs, which run Windows 10 flawlessly, cab no longer upgrade to Windows 11.
Oracle on Tuesday announced the availability of a total of 342 new security patches as part of its July 2021 Critical Patch Update. The most severe of these issues is CVE-2021-2244, a security bug in the Essbase Analytic Provider Services product of Oracle Essbase that could be exploited remotely without authentication and which could lead to the complete takeover of the affected product.
Microsoft announced today that they might lower the Windows 11 system requirements to allow Intel 7th generation and AMD Zen 1 CPUs to use the new operating system. Even if your hardware had no problems running Windows 10, Microsoft decided only to allow Intel 8th generation, AMD Zen 2, and Qualcomm 7 and 8 Series processors to be compatible with Windows 11.
The mitigations applied to exorcise Spectre, the family of data-leaking processor vulnerabilities, from computers hinders performance enough that disabling protection for the sake of speed may be preferable for some. "Before Spectre mitigations, those system calls hardly slowed down userspace execution at all."
Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library. "Forty of those, or 55 percent, were found internally through our own proactive security research. Of the remaining 33 CVEs being addressed, 29, or 40 percent, were reported through our bug-bounty program. Overall, 95 percent of the issues being addressed today are the result of our ongoing investments in security assurance, which is consistent with our 2020 Product Security Report."
Intel has pushed out a raft of security advisories for June, bringing its total discovered "Potential vulnerabilities" for the year to date to 132, only a quarter of which were reported by external contributors and the company's bug bounty programme. "Today we released 29 security advisories addressing 73 vulnerabilities," Intel's Jerry Bryant said of the company's latest updates.
A team of academics from the University of Virginia and University of California, San Diego, have discovered a new line of attack that bypasses all current Spectre protections built into the chips, potentially putting almost every system - desktops, laptops, cloud servers, and smartphones - once again at risk just as they were three years ago. The disclosure of Spectre and Meltdown opened a floodgates of sorts, what with endless variants of the attacks coming to light in the intervening years, even as chipmakers like Intel, ARM, and AMD have continually scrambled to incorporate defenses to alleviate the vulnerabilities that permit malicious code to read passwords, encryption keys, and other valuable information directly from a computer's kernel memory.
Oracle this week announced the release of 390 new security fixes as part of the April 2021 Critical Patch Update, including patches for more than 200 bugs that could be exploited remotely without authentication. The quarterly set of security patches addresses a total of 41 vulnerabilities considered critical severity, including 5 that feature a CVSS score of 10.