A vulnerability has been discovered within AMD processors which has the potential to expose affected PCs to incredibly stealthy strains of malware.
AMD processors are used to power computers, and this is achieved by executing instructions within software applications. Everything you do on a PC, such as running Windows, processing data, and performing calculations, is therefore powered by a processor. Some processors are more powerful than others, and the type chosen depends on the user’s needs: a diehard gamer will need a high-performance processor to get the best gaming experience, while someone working in a small office will need something less powerful to complete word processing tasks.
As AMD is a highly popular manufacturer of PC processors, we’re going to take a close look at this vulnerability and discuss the impact it could have on your PC users.
Understanding the AMD Chip Vulnerability
The vulnerability in AMD’s chips was discovered by the security firm IOActive, which has named the vulnerability Sinkclose. The flaw was first found in October 2023, but it appears Sinkclose has been present in AMD processors for close to two decades, a remarkable amount of time for a vulnerability to go unnoticed.
Sinkclose affects a specific operating mode within the processors named System Management Mode. This mode is used to control systemwide processes including power management and system hardware control. Key to the Sinkclose vulnerability is the fact that System Management Mode also offers high-privilege access, and it’s this access which, potentially, could allow a threat actor to run malicious code undetected.
Gaining access deep enough within a PC to even tackle the System Management Mode is difficult for even the most skilled hackers, but it’s not impossible. After infecting a machine with a bootkit – a form of malware which executes very early in the boot process – a threat actor could make their way deep within the system. And if a threat actor does manage to install malware through the Sinkclose vulnerability, the location of the infection means it would survive multiple reinstallations of Windows.
Are You Safe from Sinkclose?
With the Sinkclose vulnerability potentially active since 2006, and IOActive warning that all AMD chips dating back to this period could be affected, the potential damage is huge. AMD has been quick to respond and has been working on an update since Sinkclose was first identified last year. Patches for AMD Ryzen and Epyc chips have recently been issued, but clearing up this debacle looks to be a long-term project for AMD.
While the threat is currently difficult to exploit, if threat actors discover an effective method to abuse it, countless PCs could be at increased risk of being compromised. Therefore, it’s crucial you follow these best practices to maintain the security of your PCs:
- Antivirus and Anti-malware Tools: always implement reputable antivirus and anti-malware software across your network. These security solutions, which are regularly updated against the latest threats, offer continuous scanning, real-time protection and the option to quarantine suspicious files before removing them safely.
- Install All Updates Promptly: one of the most important security steps you can take is to ensure you regularly update all your software, including operating systems and applications. This is the best way to make sure they’re patched against any existing or new vulnerabilities. Automated patch management tools can simplify this process, and Windows provides options for automatic updates of Microsoft apps.
For more ways to secure and optimize your business technology, contact your local IT professionals.