Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
AMD Ryzen 5 5600 review
PowerColor RX 6650 XT Hellhound White review
FSP Hydro PTM Pro (1200W PSU) review
ASUS ROG Radeon RX 6750 XT STRIX review
AMD FidelityFX Super Resolution 2.0 - preview
Sapphire Radeon RX 6650 XT Nitro+ review
Sapphire Radeon RX 6950 XT Sapphire Nitro+ Pure review
Sapphire Radeon RX 6750 XT Nitro+ review
MSI Radeon RX 6950 XT Gaming X TRIO review
MSI Radeon RX 6750 XT Gaming X TRIO review

New Downloads
AIDA64 Download Version 6.70
FurMark Download v1.30
Display Driver Uninstaller Download version 18.0.5.1
Download Samsung Magician v7.1.1.820
Intel ARC graphics Driver Download Version: 30.0.101.1732
HWiNFO Download v7.24
GeForce 512.77 WHQL driver download
Intel HD graphics Driver Download Version: 30.0.101.1960
AMD Radeon Software Adrenalin 22.5.1 WHQL driver download
3DMark Download v2.22.7359 + Time Spy


New Forum Topics
TSMC Will Begin Process Technology Research at 1.4nm AMD Announces Mendocino Mobile Processor, price and energy friendly AMD is developing Smart Access Storage to enable speedier game loading. AMD Announces Ryzen 7000 - passing 5.5 GHz 15% Single Thread perf Increase - RDNA2 NVIDIA GeForce 512.77 WHQL driver download & Discussion AMD FidelityFX Super Resolution 2.0 - Deathloop preview 5900x or 5800x3D? 3090 Ti owners thread Are we ever going to get a new NVIDIA CONTROL PANEL ??? Unique 17.3-inch mobile liquid crystal display at 5 mm




Guru3D.com » News » AMD fixed a vulnerability in its chipset drivers that let non-administrators get passwords

AMD fixed a vulnerability in its chipset drivers that let non-administrators get passwords

by Hilbert Hagedoorn on: 09/21/2021 03:42 PM | source: | 7 comment(s)
AMD fixed a vulnerability in its chipset drivers that let non-administrators get passwords

First off, the vulnerability was fixed in AMD's newest PSP and chipset drivers (download here), which AMD recommends updating. Kyriakos Economou, a security researcher and co-founder of ZeroPeril, uncovered the flaw and promptly contacted AMD, working closely with the red team to patch it.

This vulnerability allows obtaining information of all kinds, including credentials of users with administrative privileges to escalate privileges or hashes that allow network access, and even exceeding mitigations of different vulnerabilities to later exploit them. Economou said this regarding the new vulnerability:

During our tests we were able to filter out multiple gigabytes of uninitialized physical pages when reserving and continuously release blocks of 100 reservations until the system fails to return a buffer of contiguous physical pages.

The content on these physical pages ranged from kernel objects to arbitrary pool addresses that served to bypass mitigations for vulnerabilities such as KASLR, and they even had registry key mappings of \ Registry \ Machine \ SAM containing NTLM hashes of authentication credentials. that could be used in subsequent attacks.

For example, this technique can be used to steal credentials from a user with administrative privileges or used in the "pass-the-hash" style to gain access within a network.

The PSP (Platform Security Processor) drivers should be updated to version 5.17.0.0 via Windows Update, and the chipset drivers should be updated to version 3.08.17.735 or newer, which already includes the PSP update that resolves this vulnerability. No BIOS updates are required.







« Intel 6th patent infringement case, China may restrict the sale of its CPUs. · AMD fixed a vulnerability in its chipset drivers that let non-administrators get passwords · Corsair Announces the Release of the M65 RGB ULTRA Gaming Mice »

Related Stories

AMD Fixes More Ryzen Issues with New BIOS Firmware Microcode - 03/31/2017 04:18 PM
Performance keeps on improving in games with Ryzen, that would be the generic message AMD is evengalizing on a new Blog post. It seems that AMD has made good progress on the software side of things. Y...

AMD fixes R9 Fury X Whining Noises - 07/02/2015 08:38 AM
One of the smaller problems of the AMD Radeon R9 Fury X is that the cooler is making some noises alongside a tiny bit of whine. We noted that in our review already. However AMD seems to have tackled ...


2 pages 1 2


zhalonia
Member



Posts: 99
Joined: 2014-06-11

#5948337 Posted on: 09/21/2021 04:10 PM
can't wait for the next update cause this aint working.

TieSKey
Senior Member



Posts: 205
Joined: 2015-09-26

#5948418 Posted on: 09/21/2021 07:38 PM
Good thing I have PSP disabled in the first place....

waltc3
Senior Member



Posts: 1376
Joined: 2014-07-22

#5948424 Posted on: 09/21/2021 07:59 PM
No problem, here. Seems like we've heard multiple reports about AMD patching the same bug... ;) It was patched a while ago--old news.

KissSh0t
Senior Member



Posts: 11068
Joined: 2011-10-22

#5948496 Posted on: 09/22/2021 12:43 AM
The update to the PSP driver was already pushed to systems via Windows Update... before the chipset driver "package" was released if memory serves.

*edit*

checked mine, Haven't installed the new chipset driver and already have 5.17.0.0



hamltnblue
Senior Member



Posts: 123
Joined: 2006-02-03

#5948594 Posted on: 09/22/2021 11:56 AM
Interesting driver date. Instead of getting it early, you machine simply moved into the future.

2 pages 1 2


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2022