You might be surprised that not all AMD chips will receive updates to fix a newly discovered security vulnerability known as “Sinkclose.” Researchers from IOActive discovered this flaw, which affects many AMD processors dating back to 2006. However, AMD has decided not to release patches for several of its older chip models, leaving them exposed to potential risks.
Which chips are affected?
The “Sinkclose” vulnerability is a significant concern, especially for those managing older systems. According to a report from Wired, most AMD processors produced since 2006 are impacted by this flaw. It allows hackers to run malicious code within the chips' System Management Mode (SMM), which is usually a secure environment that's difficult to access. The vulnerability poses a higher risk for governments and large organisations than individual users, as exploiting it requires deep access to a system.
Despite the severity of the flaw, AMD has announced that it won't release patches for some older chip series. These include the Ryzen 1000, 2000, and 3000 series and the Threadripper 1000 and 2000 series. AMD explained that these chips are considered “older products outside our software support window.” In other words, they no longer fall under the period during which AMD provides regular software updates and security patches.
What's the impact?
This means that users of these older chip models' systems will remain vulnerable to the Sinkclose flaw unless they upgrade to newer hardware. The decision to exclude these older chips from the patching process could leave many legacy systems at risk, especially in environments where upgrading hardware isn't always feasible.
While AMD has assured users that newer models and all embedded processors will receive the necessary patches, those still using older processors may need to reconsider their options. The company's focus on more recent hardware means that if you're using one of the unsupported chips, you might be on your own in terms of security.
The Sinkclose flaw's potential impact must be balanced, particularly in environments where security is paramount. However, AMD's decision reflects a standard industry practice where older hardware loses support as companies shift resources to newer products. While this is understandable from a business perspective, it does leave certain users in a difficult position.
What should you do?
If you're running one of the older AMD processors affected, consider assessing the security risks to your systems. The risk may be minimal for individuals, but for businesses or organisations, especially those handling sensitive information, it could be a different story. Upgrading to newer hardware might be necessary to ensure your systems are fully protected.
The discovery of the Sinkclose vulnerability reminds us of the importance of keeping our hardware and software up to date. Security flaws like these can emerge at any time, and the best defence is to ensure that our systems are running on supported, regularly updated hardware.
