Rroff your drivel against AMD in this very thread is so much that, I will follow the majority and add you to the ignore list.
I feel this discussion is ending up like the Brexit discussion lately.
No offence but you were the one still banging on about physical access long after it was shown that physical access is not required.
If you see the detailed AMD table of the issue, all the "vulnerabilities" require physical administrator access to the machine, some of them to the bios!!
And couple go even further. It require direct hardware access....
Aside from needing elevated privileges none of that is true yet you accuse me of drivel - you don't need BIOS access as in sitting there changing settings - you can commit a new compromised BIOS from the Windows desktop remotely once you've made use of a first stage attack to gain access to the desktop. That it is a second stage attack doesn't mean it is insignificant though it does diminish it from the kind of threat level CTS Labs were initially trying to portray it as - attempting by association to make it look like something of the level of Meltdown. Most crypto malware for instance are second stage using another stage for remote intrusion/worming and compromising OS security to drop the malware.
(The biggest barrier here is that you need to create customised software that in some cases will need a library of customised firmware versions for different hardware which means that most of these vulnerabilities are beyond the reach of all but state level actors, etc. to actually put into practise - but that doesn't mean they aren't serious and that those kind of players won't try to use them if the pay off is big enough).
There are unfortunately a few people talking drivel in this thread but it certainly isn't me (while I'm far from an expert in the field and pretty rusty these days at putting any of it into practise I think the WannaCry thread shows that I have above average understanding of these kind of security issues).
EDIT: It is also sad that aside from a couple of people like Vince and Humbug (albeit he is mostly parroting from information elsewhere which has been skewed in defence of AMD) few are debating from a technical perspective and mostly just parroting the headline keywords with very little interpretation of what is and isn't possible from the details.
Or you can just stick your hands over your ears and ignore me rather than engage in a debate of the technical details as to why I'm talking "drivel".
When you want to do something bad to the machine, having already administrator access to it, you dont faffle around trying to bother with CPU internals or the firmware, you do your job......
This will highly depend on what you are trying to accomplish - for some tasks there are plenty of off the shelf malware or even just directly fiddling with the OS such as configuring a proxy server - if you are trying to use that initial intrusion to gain a deeper foothold into a network then the game changes again and exploits like this are a much bigger deal.
