'

AMD updates their customers regarding Spectre and processor security

AMD are releasing optional microcode updates to mitigate the threat of variant 2

AMD updates their customers regarding Spectre and processor security

AMD updates their customers regarding Spectre and processor security

AMD has released a new update regarding the security of AMD processors, specifically regarding the recently announced exploit called Spectre. This update has left many AMD users concerned, as they consider AMD's newly released optional OS and Microcode updates for Spectre Variant 2 as an admission that the company is now at higher risk from the vulnerability.     

To be clear, AMD stands by their "near zero" risk claims regarding Spectre Variant 2, with the exploit having never been demonstrated on an AMD processor. Regardless, AMD is taking steps to turn this "near-zero" risk into a no risk scenario, giving security conscious users the ability o pre-emotively install microcode updates that will provide them with total protection. 

At this time it is unknown how these updates will be distributed, especially on a voluntary basis, though it is likely that these updates will be governed by as enable or disable option at a BIOS/UEFI level. These updates will be coming to both EPYC and Ryzen customers and partners. 

This announcement does not mean that AMD is at any higher risk than previously announced, just that the company is taking additional steps to give their customers peace of mind and to prevent any potential future use of Spectre variant 2 on AMD Ryzen-based systems. Below is Mark Papermaster's official update on AMD Processor Security 

  

     The public disclosure on January 3rd that multiple research teams had discovered security issues related to how modern microprocessors handle speculative execution has brought to the forefront the constant vigilance needed to protect and secure data. These threats seek to circumvent the microprocessor architecture controls that preserve secure data.

At AMD, security is our top priority and we are continually working to ensure the safety of our users as new risks arise. As a part of that vigilance, I wanted to update the community on our actions to address the situation.Google Project Zero (GPZ)

Variant 1 (Bounds Check Bypass or Spectre) is applicable to AMD processors.

- We believe this threat can be contained with an operating system (OS) patch and we have been working with OS providers to address this issue. 

- Microsoft is distributing patches for the majority of AMD systems now. We are working closely with them to correct an issue that paused the distribution of patches for some older AMD processors (AMD Opteron, Athlon and AMD Turion X2 Ultra families) earlier this week. We expect this issue to be corrected shortly and Microsoft should resume updates for these older processors by next week. For the latest details, please see Microsoft’s website.

- Linux vendors are also rolling out patches across AMD products now.


GPZ Variant 2 (Branch Target Injection or Spectre) is applicable to AMD processors.

- While we believe that AMD’s processor architectures make it difficult to exploit Variant 2, we continue to work closely with the industry on this threat.  We have defined additional steps through a combination of processor microcode updates and OS patches that we will make available to AMD customers and partners to further mitigate the threat.

- AMD will make optional microcode updates available to our customers and partners for Ryzen and EPYC processors starting this week. We expect to make updates available for our previous generation products over the coming weeks. These software updates will be provided by system providers and OS vendors; please check with your supplier for the latest information on the available option for your configuration and requirements.

- Linux vendors have begun to roll out OS patches for AMD systems, and we are working closely with Microsoft on the timing for distributing their patches. We are also engaging closely with the Linux community on development of “return trampoline” (Retpoline) software mitigations.

There have also been questions about GPU architectures. 

- AMD Radeon GPU architectures do not use speculative execution and thus are not susceptible to these threats. 

We will provide further updates as appropriate on this site as AMD and the industry continue our collaborative work to develop mitigation solutions to protect users from these latest security threats.

  

AMD updates their customers regarding Spectre and processor security  
With this update, AMD has also confirmed that none of their GPU architectures use any kind of speculative execution and are therefore not susceptible to either Spectre or Meltdown. 

You can join the discussion on AMD's update on processor security on the OC3D Forums

«Prev 1 Next»

Most Recent Comments

12-01-2018, 07:49:35

AlienALX
From what I have heard yes, but they are working on it.Quote

12-01-2018, 07:55:15

Prika
Nice from them, much better response and clarification then what Intel is done and doingQuote

12-01-2018, 11:00:54

Digikid
Found this online. Quite funny.Quote
Reply
x

Register for the OC3D Newsletter

Subscribing to the OC3D newsletter will keep you up-to-date on the latest technology reviews, competitions and goings-on at Overclock3D. We won't share your email address with ANYONE, and we will only email you with updates on site news, reviews, and competitions and you can unsubscribe easily at any time.

Simply enter your name and email address into the box below and be sure to click on the links in the confirmation emails that will arrive in your e-mail shortly after to complete the registration.

If you run into any problems, just drop us a message on the forums.