
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

www.wired.com

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

7 comments
  • Did someone find the NSA's backdoor?

  • Now this is interesting. I have a feeling people who play games that use kernel-level anticheats, or use other third-party "security solutions" are going to be uniquely vulnerable to this. They tend to be highly insecure and have historically been a vector for ring-0 privilege escalation.

    Besides that, it's also fairly easy to exploit old vulnerable kernel drivers to load unsigned code into the kernel with only administrator privileges (which itself is also fairly easy to escalate to from limited user permissions, on an insufficiently hardened Windows install). So this is actually pretty bad.

    After the CrowdStrike fiasco and now this, Microsoft will likely now be under even more pressure to do something about the near free rein software vendors have had to the kernel.

    I don't know the exact situation for Linux but I could imagine it's probably not much better.

  • spongebob-i-fucking-love I love technology!

  • Hmm, so, with root access one can place arbitrary code in the firmware of the CPU, which can be accessed by the OS and run. I wonder what if an infected computer has a root hack patched? Would it still be possible to access the code in user space? Or is this effectively neutralized until the computer is reinfected by the attacker with something that gives root access?

    It's funny how often I read FUD articles in the news that basically sum up to be "hackers can spy on you if they have physical access to your computer". This is actually a big one and I hope it gets effectively patched ASAP. Especially for embedded devices.

  • Well, why'd you tell everyone? Now somebody is going to try to exploit it!

    • It's normal white-hat practice. White hat hacker ethics require you to contact the company and give them lots of chances to fix it.

      But if they refuse to fix it or inform people of the vulnerability you broad-band it to the world because it's the only way to force the company's hand.

      It sounds like you basically need to have root access to the computer to take advantage of this. Like if someone can use this your system is already totally pwned. But, like, if a spy or something gets access to a machine they could load this and then it'd be in the system with no way to find it or dig it out.
