Intel's having a bad year... but it looks like it's going to be worse for AMD

The recent kerfuffle about Intel's 13xxxK /14xxxK processors isn't
showing the company (or their products) in any good light, but at
least the problem is only affecting a small percentage of its
customers (albeit, possibly, its most loyal and evangelical users; the
sort who pay through the nose for the most expensive high-end
products). But it looks as if AMD is going to be having an even worse
experience.

Recent revelations about the "Sinkclose" bug could be devastating for
the company, since not only is a serious issue, but it effects a much
wider range of products. "Sinkclose" leverages the System Management
Mode built into x86 processors since at least 2006, and allows
hardware access even below 'ring zero' security levels (and any such
access would generally be undetectable by the OS). Depending on the
machine's hardware configuration, any hacks could also be
irreversible, since they could infect core flash-ROMs. If this was the
case, you couldn't even trust a machine if you manually re-flashed its
ROMs*, since the exploit would load before the flashing software.

Intel chips aren't immune to such shenanigans (in fact, a similar
problem was found with SMM exploits in Intel chips back in 2015) but
the AMD problem is even worse because it effects a much wider range of
processors; potentially, /any/ AMD processor released since 2006. It
also can't easily be patched away with new micro-code; while a fix
could prevent the exploit from working in the future, if your machine
is already compromised, any micro-code patch won't correct the
problem.

Like most exploits, it isn't something easily taken advantage of
remotely (although it's not impossible). Generally it will require the
end-user to download a program which will inject the code first.
However, given the lax security of most users that's really not much
of an obstacle.

There aren't any KNOWN instances of malware using this exploit,
although given its wide-ranging impact, it seems almost certain that
its known at the nation-state level. But now that it's been publicly
revealed, its quite possible that -even though specific code examples
haven't been released- smaller actors will be figure out how to make
use of the vulnerability. I mean, if you're of a criminal bent, who
wouldn't want an undetectable, unremovable way to access a user's
computer, allowing you to read their data and use their PC for
whatever nefarious deeds you want?

People have been bitching about the overarching and unconstrained
power SMM allows since it was first introduced, and this is just
another example of why its advantages in no way counterbalance its
disadvantages.

You have to wonder about the timing of the release of this news.
Certainly it puts AMD in a bad light, just when Intel was suffering in
the news. Obviously Intel had nothing to do with the underlying
problem

    [Aside from, you know, foisting SMM on end-users in
     the first place, but AMD could have said 'no' and
     not included it in their own designs!]

and I don't think they've been sitting on the issue waiting for /just/
the right moment to push it out as a distraction

   [As far as I am aware, the researchers who divulged this
    exploit have nothing to do with Intel]

but I wouldn't be surprised if Intel helped amplify the message, which
otherwise might slipped by unnoticed. A sort of, "Oh, you think
_we're_ bad, did you read what's going on with AMD here?" sort of
response.

Still, it's better to know than not. Still, you gotta feel sorry for
AMD right now. They were riding high on Intel's misfortune until now.
;-)








* well, unless you did so outside the infected machine