Recently, we covered the Intel "Downfall" GDS security vulnerability that affects almost all of the slightly older Intel processors. Although the newer generation chips were unaffected by that, a buggy microcode update from Intel and its vendor partners' side led to a "UNSUPPORTED_PROCESSOR" BSODs on Windows 11 and Windows 10 PCs and Microsoft rightfully denied taking any blame for that.
Meanwhile, Red Team rivals have not been immune to issues either as researchers discovered a YMM register-related vulnerability in Ryzen 3000, 4000, 5000, 7000 series chips called "Zenbleed".
Microsoft has published a Tech Community blog post today describing how IT admins and system admins can manage such vulnerable processors using a new Defender technology called "Hardware and Firmware Assessment" inside Microsoft Defender Vulnerability Management.
In the example image provided though, Microsoft shows an AMD Carrizo A10-8700P APU which is not affected by Zenbleed. Carrizo is based on the fourth-gen Bulldozer micro-architecture known as Excavator.
Microsoft explains:
Microsoft Defender Vulnerability Management Hardware and firmware assessment capability provides an inventory of known hardware and firmware in your organization. This allows you to identify devices with AMD processors that are potentially exposed to this vulnerability (these devices must be onboarded to the service).
To use this capability, you’ll need access Defender Vulnerability Management premium offering. You can do that via purchasing the Add-on or Standalone licenses or by simply joining the free trial.
In a section under that, Microsoft has shown how to identify vulnerable processors using the tool:
The following Advanced Hunting query provides a list of the potentially vulnerable devices with AMD processors:
DeviceTvmHardwareFirmware
| where ComponentType == "Processor"
| where Manufacturer contains "amd"
AMD has already announced that firmware patches that mitigate the Zenbleed vulnerability are on their way. You can bookmark this dedicated article we did to keep track of when the applicable firmware will be available.
4 Comments - Add comment