Chipmaker Patch Tuesday

I don’t think I have ever heard of this one before, but both Intel and AMD patched over 130 vulnerabilities this week. That is more than Microsoft releases even in a bad month.

Intel published 31 advisories covering over 100 vulnerabilities.

One of the bugs can allow an attacker with access to a guest VM in a multi-tenant virtualized environment to cause the host machine and other guest machines to crash and even create privilege escalation and data theft.

Another bug affects their data center manager software and has a score of 10 out of 10.

AMD published five new advisories covering 27 vulnerabilities. One of those is CacheWarp, potentially allowing attackers to hijack control flow, break into an encrypted VM and escalate. The bug impacts AMD Secure Encrypted Virtualization. They also found security holes in Secure Processor, System Management Unit and other components, including multiple bugs that could lead to arbitrary code execution.

So I guess at this point all I can say is don’t forget about patching your hardware – after all, hardware isn’t really hardware any more. It is really just software of a different flavor. Credit: Security Week