'CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation
Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.
Privilege escalation lets an attacker gain elevated access, which can enable data theft or system control; least privilege and patching limit impact.
Search across headline titles and summaries.
Background for this topic.
Privilege escalation is gaining access beyond the permissions assigned to an account, process, or service. Vertical escalation moves from a lower-privileged role to an administrator or system account; horizontal escalation accesses another user’s resources at a similar privilege level. Attack paths include software vulnerabilities, insecure authorization checks, exposed credentials, unsafe service configurations, and excessive permissions in operating systems, applications, cloud environments, or containers.
Successful escalation can let an attacker change security settings, access protected data, execute code as a trusted service, or establish control that survives an initial compromise. The most relevant defenses are least-privilege access, strong separation of administrative accounts, server-side authorization checks for every sensitive action, timely remediation of exploitable flaws, and review of permissions for users, services, and workloads. Logging privileged actions and unusual account or process behavior supports detection and helps determine whether a compromised low-privilege foothold reached higher-value systems.
Academics in Germany figured out how to reverse time in AMD virtualization environments, then reap the spoils.
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs
Another two bugs in this month's set of fixes for 63 CVEs were publicly disclosed previously but have not been exploited yet.
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation
Sapphire Rapids, Alder Lake, and Raptor Lake chip families treated for 'Redundant Prefix' Intel on Tuesday issued an out-of-band security update to address a privilege escalation vulnerability in recent server and personal computer chips.…