|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
AMD Ryzen processor vulnerability
It’s been all over the news, but I’m not yet convinced that there’s anything there, there.
Dan Goodin at Ars Technica has a technical analysis:
The flaws—in AMD’s EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that’s difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners’ long-term security.
That — and the whole super-hyped marketing pitch — have given me pause.
I like the balance from Kevin Beaumont on his personal blog:
I would encourage security researchers not to disclose vulnerabilities like this. If you have vulnerabilities that you truly think are serious and truly want to provide information so people can protect themselves, work to get them resolved and work with the cyber security community around mitigations. The only real public exploit here at the moment is a press exploit. This situation should not be happening.
Which is exactly why I’m not going to write anything about it for Computerworld.
https://twitter.com/GossiTheDog/status/973829653772361728
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
The time has come for AI-generated art
by 22 minutes ago
-
Hackers are using two-factor authentication to infect you
by 23 minutes ago
-
23 and you
by 24 minutes ago
-
April’s deluge of patches
by 25 minutes ago
-
April’s deluge of patches
by 25 minutes ago
-
Windows 11 Windows Updater question
by 8 hours, 36 minutes ago
-
Key, Key, my kingdom for a Key!
by 15 hours, 31 minutes ago
-
Registry Patches for Windows 10
by 20 hours, 2 minutes ago
-
Cannot get line length to NOT wrap in Outlining in Word 365
by 2 hours, 36 minutes ago
-
DDU (Display Driver Uninstaller) updates
by 13 hours, 24 minutes ago
-
Align objects on a OneNote page
by 1 day, 1 hour ago
-
OneNote Send To button?
by 1 day, 2 hours ago
-
WU help needed with “Some settings are managed by your organization”
by 1 day, 10 hours ago
-
No Newsletters since 27 January
by 1 day, 6 hours ago
-
Linux Mint Debian Edition 7 gets OEM support, death of Ubuntu-based Mint ?
by 11 hours, 19 minutes ago
-
Windows Update “Areca Technology Corporation – System – 6.20.0.41”
by 9 hours, 59 minutes ago
-
Google One Storage Questions
by 1 hour, 6 minutes ago
-
Button Missing for Automatic Apps Updates
by 1 hour, 13 minutes ago
-
Ancient SSD thinks it’s new
by 15 hours, 55 minutes ago
-
Washington State lab testing provider exposed health data of 1.6 million people
by 2 days, 1 hour ago
-
WinRE KB5057589 fake out
by 38 minutes ago
-
The April 2025 Windows RE update might show as unsuccessful in Windows Update
by 1 day, 9 hours ago
-
Firefox 137
by 12 hours, 19 minutes ago
-
Whisky, a popular Wine frontend for Mac gamers, is no more
by 2 days, 13 hours ago
-
Windows 11 Insider Preview build 26120.3863 (24H2) released to BETA
by 2 days, 14 hours ago
-
Windows 11 Insider Preview build 26200.5551 released to DEV
by 2 days, 14 hours ago
-
New Windows 11 PC setup — can I start over in the middle to set up a local id?
by 1 day, 10 hours ago
-
Windows 11 Insider Preview Build 26100.3902 (24H2) released to Release Preview
by 2 days, 17 hours ago
-
Oracle kinda-sorta tells customers it was pwned
by 2 days, 23 hours ago
-
Global data centers (AI) are driving a big increase in electricity demand
by 3 days, 10 hours ago
Remembering Woody
