HPE says hackers breached Aruba Central using stolen access key
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
Telnyx is the latest VoIP provider hit with DDoS attacks
NUCLEUS:13 TCP security bugs impact critical healthcare devices
The new Microsoft Store is now rolling out to Windows 10 PCs
Windows 10 App Installer abused in BazarLoader malware attacks
BotenaGo botnet targets millions of IoT devices with 33 exploits
How to fix the Windows 0x0000007c network printing error
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
AMD fixes dozens of vulnerabilities in Windows 10 graphics driver
Image: Timothy Dykes
AMD has fixed a long list of security vulnerabilities found in its graphics driver for Windows 10 devices, allowing attackers to execute arbitrary code and elevate privileges on vulnerable systems.
The potential impact and the flaws’ severity vary, with AMD tagging more than a dozen bugs as high severity.
“In a comprehensive analysis of the AMD Escape calls, a potential set of weaknesses in several APIs was discovered, which could result in escalation of privilege, denial of service, information disclosure, KASLR bypass, or arbitrary write to kernel memory,” AMD explained.
The security flaws were discovered by independent security researchers Ori Nimron and driverThru_BoB 9th, Eran Shimony of CyberArk Labs, and Lucas Bouillot of the Apple Media Products RedTeam.
The complete list of patched bugs includes:
A full list of vulnerabilities found in the AMD Graphics Driver for Windows 10 and their description is available in the security advisory published this week.
An AMD spokesperson was not available to provide a disclosure timeline when contacted by BleepingComputer today.
This week, AMD also patched medium and high severity security flaws impacting the company’s 1st/2nd/3rd Gen AMD EPYC server processors that could lead to arbitrary code execution, bypassing SPI ROM protections, loss of integrity, denial of service, information disclosure, and more.
“During security reviews in collaboration with Google, Microsoft, and Oracle, potential vulnerabilities in the AMD Platform Security Processor (PSP), AMD System Management Unit (SMU), AMD Secure Encrypted Virtualization (SEV) and other platform components were discovered and have been mitigated in AMD EPYC AGESA PI packages,” AMD said.
The company also addressed an improper access control vulnerability (CVE-2021-26334) found by Michal Poslušný from ESET Research in the AMDPowerProfiler.sys driver of the AMD μProf tool.
AMD μProf is a performance analysis utility that can be used to inspect Windows, Linux, and FreeBSD applications.
Successful exploitation of this flaw would allow attackers without enough privileges to gain access to kernel model-specific registers, which leads to privilege escalation and ring-0 code execution that gives the attacker full control over the vulnerable system.
In early October, right after Windows 11 began rolling out, AMD has also warned of significant performance hits on Windows 11-compatible AMD processors, including the latest Ryzen CPUs, when using some applications.
One of the compatibility issues led to increased measured and functional L3 cache latency which had a direct impact on the access time to the memory subsystem for some apps.
While for some of the affected apps the expected performance impact was between 3 to 5%, for eSports games AMD said that customers could see a performance decrease of 10-15% on Windows 11.
The AMD CPU issues were addressed two weeks later with the optional KB5006746 cumulative update preview for Windows 11 released on October 21.
“Addresses an L3 caching issue that might affect performance in some applications on devices that have AMD Ryzen processors after upgrading to Windows 11 (original release),” Microsoft explained in the release notes.
New Windows security updates break network printing
Windows 10 App Installer abused in BazarLoader malware attacks
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
Microsoft October 2021 Patch Tuesday fixes 4 zero-days, 71 flaws
Microsoft: New Windows driver deployment service coming soon
Not a member yet? Register Now
Microsoft: New security updates trigger Windows Server auth issues
HPE says hackers breached Aruba Central using stolen access key
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Planned Parenthood LA discloses data breach after ransomware attack

Former Ubiquiti dev charged for trying to extort his employerNew malware hides…

New Windows 11 build fixes widespread printer issues, system freezes

AMD fixes dozens of Windows 10 graphics driver security bugsVoid Balaur hackers-for-hire…

Hundreds of SPAR stores shut down, switch to cash after cyberattack

Microsoft offers 50% subscription discounts to Office piratesRussian hacking group uses new…

New ransomware now being deployed in Log4Shell attacks

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flawsBugs in billions…