Posted by MrBruh 1 day ago

The RCE that AMD won't fix (mrbruh.com)
361 points | 156 comments | page 4
nalekberov 1 day ago||
> This means that a malicious attacker on your network, or a nation state that has access to your ISP can easily perform a MITM attack and replace the network response with any malicious executable of their choosing.

I am pretty sure a nation state wanting to hack an individual's system has way more effective tools at their disposal.

yunnpp 1 day ago||
Presumably, all Windows installations running on AMD are auto-executing this auto-update program.
Hizonner 1 day ago|||
I am pretty sure nation states hire people smart enough to use whatever works.

What the hell is more effective than getting root with a trivial MITM?

Not only is it effective, it's stealthy, in that it doesn't out you. It's obviously possible to both find and exploit it without a huge investment, which means nobody knows you're a nation state when you use it. You don't have to risk burning any really arcane zero-days or any hard to replace back doors.

Nation states are absolutely going to use things like that. And so is everybody else.

pixl97 1 day ago|||
I guess one should keep their eyes out on the next big BGP hijack.
userbinator 1 day ago||
...such as talking directly to AMD or even Microsoft, which is scarier as Windows Updates are signed, and as long as they can be convinced to sign the right thing, it'll look even more legit.
krater23 1 day ago|
Auto Update is EVERY TIME an RCE. When the software checks a signature, you just need the key. And the delivering enterprise has the key. EVERY TIME.

I don't understand why most people think auto-updating software would in any way create more security. It just creates more attack vectors for every piece of software that has an auto updater.

dns_snek 22 hours ago||
Remote Code Execution (RCE) is a type of vulnerability. Intentionally running code from a developer you trust is not a vulnerability.

An auto-update mechanism only becomes an RCE if it allows unauthorized third parties to execute code on your machine by failing to verify that the code comes from a legitimate source.

> you just need the key

Secrecy of cryptographic keys is the basis of all cryptography we use. There's no "just", you need the key and you don't have it.
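
The source-verification step discussed in the last comments, as an added example that is not part of the thread and is not AMD's or any vendor's code: an updater accepts a download only if its SHA-256 digest carries a valid Ed25519 signature under a public key pinned in the installed client. The function names, keys and payload bytes are constructed for illustration, and Ed25519 over a SHA-256 digest is an assumed scheme.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// verifyUpdate returns nil only if sig is a valid Ed25519 signature, under the
// vendor key pinned in the installed client, over the payload's SHA-256 digest.
// The caller must not write or execute the payload unless this returns nil.
func verifyUpdate(pinned ed25519.PublicKey, payload, sig []byte) error {
	if len(pinned) != ed25519.PublicKeySize {
		return errors.New("pinned key has wrong length")
	}
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(pinned, digest[:], sig) {
		return errors.New("update rejected: not signed by the pinned vendor key")
	}
	return nil
}

// sign stands in for the vendor's release pipeline (hypothetical helper).
func sign(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return ed25519.Sign(priv, digest[:])
}

// runScenarios uses constructed keys and payloads; it needs no network access.
func runScenarios() (genuine, swapped, resigned error) {
	vendor := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	other := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	pinned := vendor.Public().(ed25519.PublicKey)

	release := []byte("constructed vendor installer bytes")
	replaced := []byte("constructed bytes substituted in transit")
	sig := sign(vendor, release)

	genuine = verifyUpdate(pinned, release, sig)   // vendor payload, vendor signature
	swapped = verifyUpdate(pinned, replaced, sig)  // payload replaced, old signature replayed
	resigned = verifyUpdate(pinned, replaced, sign(other, replaced)) // signed with a key that is not pinned
	return
}

func main() {
	g, s, r := runScenarios()
	fmt.Println("genuine:", g, "\nswapped:", s, "\nre-signed:", r)
}
```

Only the first scenario verifies. The transport does not need to be trusted for this check to hold, but the pinned key must ship with the client rather than arrive alongside the download.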