Dubious Research Discovers Ryzen vulnerabilites

[smilingcrow]

The first one. its the same for both AMD and Intel.

Isn't Ryzen a SoC that optionally and usually also uses a discrete chipset on a motherboard but the CPU itself also has SATA and USB controllers?
If the controller on the CPU is ASMedia then disabling that is potentially very problematic whereas disabling a 3rd party controller on an Intel board more of an inconvenience.
They don't look the same to me.

 

[kitfit1]

The on-die south bridge is provided by ASMedia as part of the so called promontory chipset. AFAIK this only requires admin/super user access to be able to upload firmware to it and not dependant on a compromised BIOS to be able to avoid the signed code checks. If this checks out it means malware injected in this fashion can survive normal system wipes, undetected by normal security software and audits and being moved from system to system.

EDIT: Guessing you are quoting someone I have on ignore as re-reading your post doesn't come across quite how I first thought when initially reading it.

I'm not 100% on the Intel side but in my experience the ASMedia chipset is used on the board to provide additional SATA and USB connections, etc. and not as part of the Intel CPU - hence why people prefer the Intel SATA ports which are "more directly" connected to the CPU over those provided by a 3rd party such as Marvell or ASMedia.

So, you have been here since 2006 with 53,422 posts and you have no idea why peeps prefer Intel Sata ports over 3rd party ports? The reason is very simple............................Intel ports are faster, just like AMD ports are faster. Not rocket science is it Rroff.
In fact, that has always been the case ever since i can remember. By the way, tell me how anyone can flash my ASMedia controller unless they are sat at this computer ? Of course some random guy could always knock on my front door and ask if he can use my computer for half an hour. Assuming i let him in, i would then have to watch him plug a USB stick into it, reboot and wait for the flash.................................................................is anyone here that stupid ? Maybe you think they are Rroff ?

 

[humbug]

Isn't Ryzen a SoC that optionally and usually also uses a discrete chipset on a motherboard but the CPU itself also has SATA and USB controllers?
If the controller on the CPU is ASMedia then disabling that is potentially very problematic whereas disabling a 3rd party controller on an Intel board more of an inconvenience.
They don't look the same to me.

Ryzen CPU's do have all of that on the CPU yes, the ASMedia Chipset is just an extension of features, Ryzen doesn't actually need it at all, it just means less USB's and PCIe lanes, infact their server chips have no Chipsets at all.
There is no ASMedia tech in the CPU its self, ASMedia is simply a stand alone Chipset, its made by Asus AMD also used them on AM3 boards to provide USB3 later on to keep it upto date, like the Asus Sabertooth 990FX.

 

[humbug]

Ryzen CPU's do have all of that on the CPU yes, the ASMedia Chipset is just an extension of features, Ryzen doesn't actually need it at all, it just means less USB's and PCIe lanes, infact their server chips have no Chipsets at all.
There is no ASMedia tech in the CPU its self, ASMedia is simply a stand alone Chipset, its made by Asus AMD also used them on AM3 boards to provide USB3 later on to keep it upto date, like the Asus Sabertooth 990FX.

Infact on A320 boards the chipset is optional, it does not actually need one, its all SoC.

 

[Rroff]

So, you have been here since 2006 with 53,422 posts and you have no idea why peeps prefer Intel Sata ports over 3rd party ports? The reason is very simple............................Intel ports are faster, just like AMD ports are faster. Not rocket science is it Rroff.

Re-read my post slowly. The implication was that 3rd party controllers of this nature are usually external to the CPU on Intel systems hence why people prefer the Intel ones as they tend to be faster due to being on the CPU itself (this is a large part of why they are faster rather than necessarily something inherent to the Intel controller design).

In fact, that has always been the case ever since i can remember. By the way, tell me how anyone can flash my ASMedia controller unless they are sat at this computer ? Of course some random guy could always knock on my front door and ask if he can use my computer for half an hour. Assuming i let him in, i would then have to watch him plug a USB stick into it, reboot and wait for the flash.................................................................is anyone here that stupid ? Maybe you think they are Rroff ?

It could be used as a cocktail as part of another attack say if some new exploit is found in Windows, etc. but comes back to what I was saying before not a huge deal generally for a home user as amongst other things once something can execute code [as admin] on your system all bets are off but in a say corporate or shared environment it could be used as a way to hide away malware to gain further privileges the user shouldn't have access to. Especially on Windows where even things like UAC and even off the shelf security software designed to lock a desktop down are far from foolproof against someone finding a way to execute code as admin. Look at what happened with WannaCry for instance but now assume that it was a more directed attack and quietly embedded itself into the system using the chipset to hide away slowly gaining the attacker higher levels of access until they finally got the credentials for more sensitive information.

Isn't Ryzen a SoC that optionally and usually also uses a discrete chipset on a motherboard but the CPU itself also has SATA and USB controllers?
If the controller on the CPU is ASMedia then disabling that is potentially very problematic whereas disabling a 3rd party controller on an Intel board more of an inconvenience.
They don't look the same to me.

Ryzen rides a new AM4 socket that comes with a fresh selection of chipset sidekicks. In some ways, the CPU steals some of the thunder normally reserved for these “south bridge” chips. Rather than sticking with the DDR4 and PCI Express interfaces you’d expect from a modern CPU, Ryzen adds USB and storage links typically found on the chipset.

Ryzen may pull more into the processor, but it doesn’t go the full SoC route. The AM4 family still shares a selection of chipset sidekicks that act as I/O hubs.

 

[kitfit1]

Re-read my post slowly. The implication was that 3rd party controllers of this nature are usually external to the CPU on Intel systems hence why people prefer the Intel ones as they tend to be faster due to being on the CPU itself (this is a large part of why they are faster rather than necessarily something inherent to the Intel controller design).

So, even at this stage you don't know that the ASMedia controller is completely seperate from the cpu ? Of course Ryzen has only been on the market for year, so no one would have expected you to have realized that.

It could be used as a cocktail as part of another attack say if some new exploit is found in Windows, etc. but comes back to what I was saying before not a huge deal generally for a home user as amongst other things once something can execute code [as admin] on your system all bets are off but in a say corporate or shared environment it could be used as a way to hide away malware to gain further privileges the user shouldn't have access to. Especially on Windows where even things like UAC and even off the shelf security software designed to lock a desktop down are far from foolproof against someone finding a way to execute code as admin. Look at what happened with WannaCry for instance but now assume that it was a more directed attack and quietly embedded itself into the system using the chipset to hide away slowly gaining the attacker higher levels of access until they finally got the credentials for more sensitive information.

Complete bulls droppings. Most peeps on here would have hardware updates within Windows update turned off anyway. Most of us go get our own hardware updates from the manufacturers website. As for "corporate", they know what they are doing and should deal with this stuff as a matter of course, in much the same way we do.

 

[Rroff]

So, even at this stage you don't know that the ASMedia controller is completely seperate from the cpu ? Of course Ryzen has only been on the market for year, so no one would have expected you to have realized that.





Complete bulls droppings. Most peeps on here would have hardware updates within Windows update turned off anyway. Most of us go get our own hardware updates from the manufacturers website. As for "corporate", they know what they are doing and should deal with this stuff as a matter of course, in much the same way we do.

As per my quote from Asus the on-die south bridge on Ryzen has extra integrated controllers for SATA and USB unlike most CPUs in the past where these extras were left to external controllers on the motherboard chipset itself - which is where AMD turned to ASMedia (that isn't to say there aren't additionally extra external controllers as part of the chipset for additional features - but the Ryzen architecture takes over some of these compared to a traditional implementation).

I'm not talking about an exploit coming through Windows update though possibly that could happen but pretty unlikely unless it was an inside job at MS. While most peeps on here might have Windows update disabled (good luck with that BTW as from 1703 Windows 10 forces the settings back on after a period and attempts to update to 1709 or later) with Windows 10 a lot of people just leave it on automatic. But that is beside the point - there might be a new browser exploit or something like the WannaCry malware that worms through systems and many other vectors for remote intrusion due to a new exploit - combine that with the ability to hide stuff away by misusing firmware like this and you are talking about another level again of security issues.

As for "corporate" well look at what happened with recent crypto malware such as WannaCry which I've mentioned a few times... this stuff happens and now and again exploits crop up that go straight through most protection such as the MS malware protection engine vulnerability that was discovered a few months back as actually susceptible to executing malicious code itself.

PS Maybe tone down the sarcasm, etc. if you are going to whirl at me with ridiculous replies to half reading my posts and comprehending less than half of it.

 

[kitfit1]

As per my quote from Asus the on-die south bridge on Ryzen has extra integrated controllers for SATA and USB unlike most CPUs in the past where these extras were left to external controllers on the motherboard chipset itself - which is where AMD turned to ASMedia.

I'm not talking about an exploit coming through Windows update though possibly that could happen but pretty unlikely unless it was an inside job at MS. While most peeps on here might have Windows update disabled (good luck with that BTW as from 1703 Windows 10 forces the settings back on after a period and attempts to update to 1709 or later) with Windows 10 a lot of people just leave it on automatic. But that is beside the point - there might be a new browser exploit or something like the WannaCry malware that worms through systems and many other vectors for remote intrusion due to a new exploit.

As for "corporate" well look at what happened with recent crypto malware such as WannaCry which I've mentioned a few times... this stuff happens and now and again exploits crop up that go straight through most protection such as the MS malware protection engine that was discovered a few months back as actually susceptible to executing malicious code itself.

Did i say "might have Windows update disabled" ? no i didn't, what i actually said was "hardware updates within update turned off" Anyone on here with half a brain would do that anyway. I'ts not a security issue..............................it saves MS from killing your computer on a regular basis. If you are that stupid you don't know that after 53,428 posts on here.....................................then the question is, why should anyone take anything you say other than with a very large swallow of salt ?

 

[Rroff]

Did i say "might have Windows update disabled" ? no i didn't, what i actually said was "hardware updates within update turned off" Anyone on here with half a brain would do that anyway. I'ts not a security issue..............................it saves MS from killing your computer on a regular basis. If you are that stupid you don't know that after 53,428 posts on here.....................................then the question is, why should anyone take anything you say other than with a very large swallow of salt ?

Having hardware (driver updates) turned off in Windows won't help you here - if rogue code has admin privileges all bets are off and nothing in the post you were replying to is about hardware updates but about the possibility of a remote intrusion that was able to run rogue code with elevated privileges - my point being someone doesn't need physical access to the machine to be able to re-write the firmware and it isn't like we haven't seen various exploits such as this one https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4022344 that work around normal Windows protection.

If you are that stupid you don't know that after 53,428 posts on here....................................

What does my post count have to do with it anyway? you seem triggered by it.

 

[kitfit1]

Having hardware (driver updates) turned off in Windows won't help you here - if rogue code has admin privileges all bets are off and nothing in the post you were replying to is about hardware updates but about the possibility of a remote intrusion that was able to run rogue code with elevated privileges - my point being someone doesn't need physical access to the machine to be able to re-write the firmware and it isn't like we haven't seen various exploits such as this one https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4022344 that work around normal Windows protection.

Nearly every up to date Virus scanner was on to that long before MS released that MPE update, in fact Kaspersky alerted MS to it about 2 months before release.

What does my post count have to do with it anyway? you seem triggered by it.

I'm not triggered by it actually. What annoys me is that peeps might think because of your post count you know more than most about everything. Clearly you know not a lot about all sorts of things.........................and defo know nothing in reality about Ryzen. So why should anyone take any notice of what you say ?

 

[Rroff]

Nearly every up to date Virus scanner was on to that long before MS released that MPE update, in fact Kaspersky alerted MS to it about 2 months before release.

It was known about for at least a month, so potentially being used by those upto no good, before Kaspersky did anything about it as well (think I mentioned before it came up in as security advisory from another source at the company my brother works for in IT and may have been used as an attack vector by some crypto malware around that time) - that is irrelevant though the point is OS level security isn't foolproof and means and ways to bypass user access controls and other protection will happen from time to time - there are plenty of proof of concepts for bypassing things like Windows UAC out there anyhow if someone was so inclined to put the time into it to break out of the local user restrictions in places on many business, etc. networks.

I'm not triggered by it actually. What annoys me is that peeps might think because of your post count you know more than most about everything. Clearly you know not a lot about all sorts of things.........................and defo know nothing in reality about Ryzen. So why should anyone take any notice of what you say ?

What have I said about Ryzen that is so wrong?

 

[gavinh87]

This thread provides

 

[kitfit1]

This thread provides

I'm guessing it always does and always will

 

[kitfit1]

It was known about for at least a month, so potentially being used by those upto no good, before Kaspersky did anything about it as well (think I mentioned before it came up in as security advisory from another source at the company my brother works for in IT and may have been used as an attack vector by some crypto malware around that time) - that is irrelevant though the point is OS level security isn't foolproof and means and ways to bypass user access controls and other protection will happen from time to time - there are plenty of proof of concepts for bypassing things like Windows UAC out there anyhow if someone was so inclined to put the time into it to break out of the local user restrictions in places on many business, etc. networks.

Because like all proper security companys, they gave MS time to respond and act................................unlike the company at the head of this thread.

What have I said about Ryzen that is so wrong?

Nothing......................................one can deduce from your posts what is so wrong.

 

[Rroff]

Because like all proper security companys, they gave MS time to respond and act................................unlike the company at the head of this thread.

Which is completely irrelevant to what I'm talking about.

Nothing......................................one can deduce from your posts what is so wrong.

What is that even supposed to mean?

 

[BongoHunter]

This best thing that could happen in this thread now is closing it - no one interested in the actual topic wants to have to read all this bile to get to it.

 

[Rroff]

What have I said about Ryzen that is so wrong?

Actually looking into it a bit more - I can't find actual confirmation what controller is used internally - the AMD Flaws website alludes to it being an ASMedia controller rebadged as AMD (like the external South Bridge used by Promontory) - but no other documentation actually backs that up or provides any other answer that I can see.

EDIT: Looks like with publishing the clarifications they've changed the bit I was originally referring to.

This best thing that could happen in this thread now is closing it - no one interested in the actual topic wants to have to read all this bile to get to it.

Probably - too many of the posts seem to be bordering on trolling or baiting and the rest are people knee jerk defending AMD until anything is proved otherwise and rubbishing anything that might even slightly look negative on AMD regardless of whether there is anything potentially to it or not.

 

[humbug]

the AMD Flaws website alludes to it being an ASMedia controller rebadged as AMD

https://www.amdflaws.com/

Good grief, this is Roff trying to legitimize trolling from an AMD hate site.

Read the title of the thread, its quite fitting to all this.

 

[TrixP10]

To be honest the last couple of days this thread has kept me entertained. Hats off to rroff.

He is so blinkered that his posts are completely irrelevant. Obviously no one can takes his posts seriously - but it does provide plenty of entertainment. Trying not to be rude but he is funny and I shouldn't poke fun at some one who is unable to grasp the bleeding obvious.

rroff 9 out of 10 for ( . . . . . . )

 

[Rroff]

To be honest the last couple of days this thread has kept me entertained. Hats off to rroff.

He is so blinkered that his posts are completely irrelevant. Obviously no one can takes his posts seriously - but it does provide plenty of entertainment. Trying not to be rude but he is funny and I shouldn't poke fun at some one who is unable to grasp the bleeding obvious.

rroff 9 out of 10 for ( . . . . . . )

It is sad some people think I'm just anti-AMD for the sake of it - notice that in the main 3 threads on Ryzen I have not posted at all - why is that? surely it would be prime estate if I just wanted to bad mouth AMD? (largely I just have nothing to contribute to those threads that hasn't already been said and unlike some are convinced I'm not out to rubbish AMD at every turn).

Everything I'm posting here is in good faith taking in a variety of sources and my own experience, which isn't without its flaws, but seems to be far more extensive than 9 out of 10 posters in this thread so far*. Infact other than Vince most of the posters here seem incapable of thinking for themselves and just regurgitating what they've read on the media articles and a couple of places like reddit without putting any thought into it and simply defending AMD out of hand until its proved otherwise, regardless of whether there potentially might be something to a particular angle or not, at which point if it is proved to be negative for AMD they usually slink off until the topic changes or just revert to making clown posts.

EDIT: Its also a bit sad you've obviously failed to read any of my posts in the light of the first two posts I made in this thread.

* Maybe one day they will actually prove me wrong with constructive and informative counter posts.