The Latest Vulnerability in AMD Zen 5 Processors: Risks for Banking Infrastructure and How to Protect Yourself

-

In a recent development that raises serious concerns for the banking sector and organizations using servers powered by AMD processors, a critical vulnerability has been identified as CVE-2024-36347. This flaw, which affects the latest generation of AMD Zen 5 processors, could allow unauthorized microcode injection into the CPU, exposing systems to advanced security risks.

What is CVE-2024-36347?

The vulnerability stems from a weak implementation of the AES-CMAC hashing algorithm, which is used in the microcode signature verification process. In practice, this can allow an attacker with elevated privileges (kernel-level access) to load modified microcode into the CPU. Although the unauthorized microcode does not persist after a system reboot, the risk remains high in scenarios where attackers gain such access, especially via insecure kernel drivers.

Which devices are affected?

The vulnerability impacts the entire line of Zen 5 processors, including:

  • Granite Ridge

  • Turin (EPYC 9005)

  • Strix Point

  • Kraken Point

  • Strix Halo

Notably, the EPYC 9005 (Turin) processors are widely used in data centers and servers that support financial and banking systems, due to advanced features like SEV and SEV-SNP (capabilities for VM isolation and encryption).

How to protect yourself?

AMD has released a firmware update, AGESA 1.2.0.3C, that addresses this vulnerability. Major motherboard manufacturers, such as MSI and others, have started distributing BIOS updates that include this firmware version.

For organizations—especially banks—it is recommended to:

  1. Verify if their servers and systems are using AMD Zen 5 processors.

  2. Immediately apply BIOS updates that contain AGESA 1.2.0.3C.

  3. Conduct audits of kernel drivers to identify insecure components.

  4. Continuously monitor systems for abnormal behavior that could indicate microcode injection attempts.

Why is this critical for banks?

Banks and financial institutions rely on highly secure infrastructure to protect sensitive data and transactions. A compromise at the CPU level could have severe consequences, including leakage of encrypted data, increased risk of hypervisor escape attacks, and failures in the integrity of critical systems.

Conclusion

As technologies advance, so does the threat landscape. CVE-2024-36347 serves as a strong reminder that security must be addressed at all levels—from software to hardware. Applying updates and maintaining continuous monitoring are key to safeguarding banking infrastructure from such threats.

References: AMD Security Bulletin (CVE-2024-36347) National Vulnerability Database (NVD); Motherboard vendor BIOS release notes (MSI, ASUS, Gigabyte)

Comments

Post a Comment

Popular posts from this blog

Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution

-
Image
Critical Vulnerability in Veeam Backup & Replication Exposes Enterprises to Remote Code Execution By : Rei Ibraima A newly discovered critical vulnerability in Veeam’s Backup & Replication software, designated as CVE-2025-23120, poses a significant security risk to enterprise environments. The flaw allows authenticated domain users to execute arbitrary code remotely, potentially leading to full compromise of backup infrastructures. About CVE-2025-23120 The vulnerability arises from an insecure deserialization issue within Veeam Backup & Replication components—particularly in the .NET classes Veeam.Backup.EsxManager.xmlFrameworkDs and Veeam.Backup.Core.BackupSummary. Improper input validation in these components allows attackers to inject malicious serialized objects that are executed on the server side, resulting in Remote Code Execution (RCE). This issue affects systems where Veeam Backup & Replication is deployed in a domain-joined configuration, which—while common—is...
Read more

CISA and ENISA enhance their Cooperation

-
Image
  The European Union Agency for Cybersecurity (ENISA) has signed a Working Arrangement with the Cybersecurity and Infrastructure Security Agency (CISA) of the US, in the areas of capacity-building, best practices exchange and boosting situational awareness. Geopolitics have shaped the cyber threat landscape, bringing like-minded partners closer together in the wake of common cyber challenges and advances in digital technologies. Today at the EU-US Cyber Dialogue, ENISA and CISA announced the signing of their Working Arrangement as an important milestone in the overall cooperation between the United States and the European Union in the field of cybersecurity, also following the Joint Statement of European Commissioner Thierry Breton and U.S. Secretary for Homeland Security Alejandro Mayorkas of January 2023. ENISA’s International Strategy directs the Agency to be selective in engaging with international partners and to limit its overall approach in international cooperation to those...
Read more

New Diicot Threat Group Targets SSH Servers with Brute-Force Malware

-
Image
  Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives. Diicot shares its new name with the Romanian anti-terrorism policing unit and uses the same style of messaging and imagery. Researchers from Cado Labs reported that an emerging Romanian threat actor called Diicot is utilizing unique TTPs (Tactics, Techniques, and Procedures) and an interesting attack pattern to target victims. The researchers noted that the group has been using brute-force malware whose payloads have neither been publicly reported nor appeared in common repositories. About Diicot Threat Group Diicot, previously known as Mexals, is a relatively new threat group that possesses extensive technical knowledge and has a broad range of objectives. Diicot shares its new name with the Romanian anti-terrorism policing unit and uses the same style of messaging and imagery. Previous research by Akamai and Bitdefender reveals ...
Read more