https://community.isc2.org/t5/Threats/New-AMD-SinkClose-flaw-helps-install-nearly-undetectable-malware/m-p/73145#M1351 <P>Hi All</P><P>&nbsp;</P><P>AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.</P><P>Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel.</P><P>The Ring -2 privilege level is associated with modern CPUs' System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/" target="_blank">https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 15 Aug 2024 20:17:56 GMT Caute_cautim 2024-08-15T20:17:56Z https://community.isc2.org/t5/Threats/New-AMD-SinkClose-flaw-helps-install-nearly-undetectable-malware/m-p/73145#M1351 <P>Hi All</P><P>&nbsp;</P><P>AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable.</P><P>Ring -2 is one of the highest privilege levels on a computer, running above Ring -1 (used for hypervisors and CPU virtualization) and Ring 0, which is the privilege level used by an operating system's Kernel.</P><P>The Ring -2 privilege level is associated with modern CPUs' System Management Mode (SMM) feature. SMM handles power management, hardware control, security, and other low-level operations required for system stability.</P><P>&nbsp;</P><P><A href="https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/" target="_blank">https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Thu, 15 Aug 2024 20:17:56 GMT https://community.isc2.org/t5/Threats/New-AMD-SinkClose-flaw-helps-install-nearly-undetectable-malware/m-p/73145#M1351 Caute_cautim 2024-08-15T20:17:56Z