Semiconductor giant AMD said today that attackers wouldn’t likely abuse the vulnerabilities recently found in its products: they would need administrative access, and that kind of access would allow for far more effective attacks than the exploits at the center of the controversy.
“All the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings,” AMD said in a
press release today. “Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.”
However, as many researchers point out, it’s trivial to gain admin rights in an enterprise (or otherwise multi-tenant) server setup, which renders AMD’s excuse invalid.
