Bad news in the computer security environment. A new discovery of four vulnerabilities has revealed that thousands of users are at risk. To avoid problems they have to apply an update as soon as possible.
AMD, one of the most important companies in the sector, has recognized that its Ryzen processors suffer from up to four very serious security problems. The entity is doing everything possible to issue BIOS updates that avoid holes that hackers could exploit, but there are still devices that must be updated manually.
Check and update
This is the recommendation made to all users who may have been affected. The first thing of all is to check if your AMD Ryzen processor is on the list of models that suffer from security problems. This list can be consulted in the security bulletin that has published the company here and that has in-depth information about what has happened.
As you can see, processors sold in recent years have been affected, and a manual update is recommended to avoid scares. The problem is that there are several processors on the list that will not receive the security patch that will solve the situation until an early date. Thus, the Ryzen 3000 Desktop and Ryzen 3000 Desktop w/ Radeon models will receive it in March of this year 2024. For their part, those who have the Ryzen Embedded V2000 and Ryzen Embedded V3000 processors will have to be even more careful, since the patch will not be implemented. will broadcast until April.
What are the risks?
First of all, if you have taken a look at the list of affected processors, the number of models is large and covers devices from different categories. Some of those already patched include AMD EPYC, Ryzen 5000 Desktop, Ryzen Threadripper Pro 3000WX, Ryzen 5000, Ryzen 3000 or Ryzen 7045 Mobile, among many others. Just because they have received the patch doesn’t mean you don’t have to check if you have it up to date, as your processor may not have been patched automatically.
The detected vulnerabilities are named as follows: CVE-2023-20576, CVE-2023-20577, CVE-2023-20587 and CVE-2023-20579. Of course, they are descriptive codes that are not going to tell you anything about them, so they require some explanation. The first of the four is one of the most dangerous, since it gives hackers the ability to take advantage of it to carry out denial of service attacks. It is also reported in AMD’s security advisory that, with this vulnerability, attackers could potentially exploit system privileges because the BIOS is not doing a proper job of verifying identity.
For its part, the vulnerability CVE-2023-20579 says from AMD that it has a problem in AMD’s SPI protection function, which can expose an access control problem. In the case of the vulnerabilities CVE-2023-20577 and CVE-2023-20587, they coincide in the type of danger they expose. With them, hackers can access SPI flash memory and execute code externally. We do not go into more detail about each of the exposures and consequences, but, as we said, the four vulnerabilities have been designated as high danger.
Taking all this into account, after checking if your processor has been affected, what you need to do is make sure that it is updated to a patched version. The way is simple. First take a look at AMD’s listing for the corresponding versions that already have the patch. Then enter your BIOS by restarting the computer and you will see, when you are inside, its version number. This will allow you to confirm whether you are updated or not.
But remember that you can also check the BIOS version from Windows. To do this, go to Start and search for “msinfo”. This will take you to open the System Information menu, from where you can find the version and date of the last update of your processor. In principle you probably already have the update applied, but it is better to look at it and prevent it. If you are missing the patch, look for the update in AMD and update your computer to avoid problems.
