Discover and read the best of Twitter Threads about #patchtuesday

Most recents (2)

Looks like AMD's ROM Armor feature was made public. This feature is direct result of our research. Hugo and myself discovered race condition in AMD's chipset. Rather than doing proper coordinated disclosure AMD marketed their fix it as a new feature. 🧵
It is similar to Intel's SpeedRacer vulnerability. When chipset receives SMI# signal it unlocks SPI controller but there is no guarantee all threads entered SMM. So we have a small time window to sneak commands directly to SPI BAR.
Since this vulnerability permanently exists in their hardware they disabled access to SPI controller from Ring0 and SMM and moved all SPI related operations to PSP for which Hugo found bunch of bypasses and credited in recent #PatchTuesday
Read 6 tweets
WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Details —…

Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

#cybersecurity #sysadmins #microsoft #informationsecurity
If exploited, #SigRed Windows Server #vulnerability enables hackers to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials, and eventually compromise an organization's entire IT infrastructure.…
Read 8 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!