Chipmaker Patch Tuesday: Intel, AMD Address New Microarchitectural Vulnerabilities

Chipmakers Intel and AMD have published 10 new security advisories this Patch Tuesday to inform customers about vulnerabilities impacting their products.
Intel published eight new advisories, including two that describe high-severity vulnerabilities.
One of the high-severity issues is a local privilege escalation impacting BIOS firmware for some Intel processors.
The second is a local privilege escalation that impacts the on-chip debug and test interface in some 4th Generation Intel Xeon processors when using SGX or TDX technology.
The remaining nine issues have a 'medium' or 'low' severity rating.
Most of them impact processors and their exploitation could lead to information disclosure, denial of service, and local privilege escalation.
One of the information disclosure vulnerabilities, discovered internally by Intel and tracked as CVE-2023-28746, impacts only Atom processors.
Named Register File Data Sampling, the flaw has been described as a microarchitectural vulnerability that can allow a local attacker to obtain potentially sensitive data from memory.
The issue has been compared to previously disclosed Microarchitectural Data Sampling flaws.
One of Intel's advisories covers four medium- and low-severity issues that can lead to DoS attacks, information disclosure, and privilege escalation.
The chip giant has released microcode updates and other patches that should address these vulnerabilities.
Many of the flaws were found internally by Intel, which recently reported patching 353 security holes last year.
One of AMD's advisories is in response to a newly disclosed microarchitectural vulnerability named GhostRace, which impacts all major CPU makers, as well as Linux and other software.
Intel does not appear to have mentioned GhostRace in its latest advisories, despite financially supporting the project.
The second AMD advisory covers a WebGPU browser-based GPU cache side-channel attack method whose details will likely be made public soon by a team of academic researchers.


This Cyber News was published on www.securityweek.com. Publication date: Wed, 13 Mar 2024 17:13:07 +0000

