AMD Ryzen Owners Update Your Drivers ASAP To Patch This Password Stealing Exploit
Heads up for anyone running an AMD build, there is a new chipset driver update available, and you're going to want to install it. The update patches a vulnerability that could allow a user with low privileges to access uninitialized physical memory pages that potential contain sensitive information, including passwords.
The vulnerability is tracked as CVE-2021-26333. In a security advisory, AMD explained that the flaw resides in the Platform Security Processor (PSP) chipset driver, and recommends either updating through Windows Update (which bumps the PSP driver to 18.104.22.168) or applying a newer chipset driver (version 3.08.17.735 or later).
Security researcher Kyriakos Economou discovered the vulnerability and published details to ZeroPeril, a security outfit he co-founded in the UK. During his tests, he and his team were able to leverage the vulnerability to leak multiple gigabytes of sensitive data from uninitialized physical pages in memory on an affected AMD platform.
"The contents of those physical pages varied from kernel objects and arbitrary pool addresses that can be used to circumvent exploitation mitigations such as KASLR, and even registry key mappings of \Registry\Machine\SAM containing NTLM hashes of user authentication credentials that can be used in subsequent attack stages," Economou said.
He went on to explain that this sort of thing can be used to steal credentials from users with admin privileges, thereby providing a malicious actor deeper access into an affected network. The researcher verified the flaw in two separate systems, one with a Ryzen 2000 series processor and the other with a Ryzen 3000 series processors.
AMD's security advisory, however, notes this applies to a much wider range of systems, including all the way back to Ryzen 1000 series on up to the latest Ryzen 5000 series processors, as well as multiple families of APUs. Mobile chips and Threadripper platforms are all affected as well.
Microsoft's latest Patch Tuesday update that went out earlier this week contains the updated PSP driver that mitigates this threat. Otherwise, you can visit AMD's support site to download the latest chipset driver for your platform.