AMD Announces Steps, Resources for Spectre Mitigations

AMD today announced, via a security blog post penned by their own Mark Papermaster, that they’re beginning deployment of mitigations and resources for AMD processors affected by the Spectre exploits. In the blog post, AMD reiterates how exploits based on version 1 of Spectre exploits (GPZ 1 – Google Project Zero Flaw 1) have already been covered by AMD’s partners. At the same time, AMD reiterates how their processors are invulnerable to Meltdown exploits (GPZ3), and explains how mitigations for GPZ2 (Spectre) will occur.

These mitigations require a combination of processor microcode updates from OEM and motherboard partners, as well as running the current and fully up-to-date version of Windows. For Linux users, AMD-recommended mitigations for GPZ Variant 2 were made available to Linux partners and have been released to distribution earlier this year.

AMD further related how difficult they expect exploits of the GPZ Variant 2 to be on their CPUs, but say that they have nonetheless worked with customers and partners in order to provide full coverage from such scenarios, by a “combination of operating system patches and microcode updates for AMD processors to further mitigate the risk.” A whitepaper detailing the AMD recommended mitigation for Windows is available, as well as links to ecosystem resources for the latest updates.

Operating System Updates for GPZ Variant 2/Spectre

Microsoft is releasing an operating system update containing Variant 2 (Spectre) mitigations for AMD users running Windows 10 (version 1709) today. Support for these mitigations for AMD processors in Windows Server 2016 is expected to be available following final validation and testing.

AMD Microcode Updates for GPZ Variant 2/Spectre

In addition, microcode updates with our recommended mitigations addressing Variant 2 (Spectre) have been released to our customers and ecosystem partners for AMD processors dating back to the first “Bulldozer” core products introduced in 2011. Users should eventually be able to install the microcode patches by downloading BIOS updates provided by PC and server manufacturers and motherboard providers. Source: AMD Security Bulletin

Add a Comment