AMD Alerts Users to New Transient Scheduler Vulnerabilities Affecting Various CPU Models

Date: July 10, 2025
Category: Vulnerability / Hardware Security

AMD has issued a warning regarding a fresh wave of vulnerabilities impacting a wide array of chipsets, posing risks of data exposure. These vulnerabilities, known as Transient Scheduler Attacks (TSA), exploit speculative execution timing under certain microarchitectural conditions, creating a potential side channel in the CPUs. “In some instances, attackers could leverage this timing data to extract information from different contexts, leading to data leaks,” AMD stated in its advisory. The vulnerabilities were identified through research conducted by Microsoft and ETH Zurich, which tested modern CPUs against speculative execution threats like Meltdown and Foreshadow by examining isolation among security domains, including virtual machines, kernels, and processes. Following responsible disclosure in June 2024, the vulnerabilities have been assigned the following CVE identifiers: CVE-2024-36350 (CVSS score: 5.6).

AMD Issues Warning on Vulnerabilities Affecting a Wide Range of CPUs

In a recent advisory, semiconductor giant AMD has highlighted a new set of vulnerabilities that may compromise the security of various chipsets, potentially allowing unauthorized access to sensitive information. These vulnerabilities, grouped under the term Transient Scheduler Attacks (TSA), exploit a speculative side channel present in AMD CPUs. This occurs through the manipulation of instruction execution timing under specific microarchitectural conditions, which can result in information leakage.

According to AMD, attackers may have the ability to infer confidential data from other contexts by monitoring this timing information. The revelations stem from a study conducted by researchers from Microsoft and ETH Zurich, aimed at assessing modern CPUs against speculative execution vulnerabilities, similar to previously identified threats such as Meltdown and Foreshadow. The researchers employed rigorous testing methods that scrutinized the isolation mechanisms between different security domains, including virtual machines, kernels, and processes.

Following a process of responsible disclosure in June 2024, AMD has assigned unique Common Vulnerabilities and Exposures (CVE) identifiers to these issues, specifically CVE-2024-36350, which carries a CVSS score of 5.6. These findings underscore the heightened risks associated with speculative execution and the potential for attackers to exploit even subtle variances in CPU behavior.

The implications of these vulnerabilities extend beyond AMD’s own hardware; they signify a broader concern for all businesses reliant on affected chipsets. As businesses increasingly rely on cloud computing and virtualization, the potential for exposure to these attacks raises significant security concerns. With the modern enterprise architecture relying heavily on various security domains, understanding the interplay between these domains is essential for safeguarding sensitive information.

From a tactical standpoint, several MITRE ATT&CK techniques might be relevant to these vulnerabilities. Adversaries could focus on tactics such as initial access, through which they gain foothold within corporate environments, or move into persistence strategies that allow them to maintain their presence undetected. Techniques associated with privilege escalation may also apply, providing attackers with higher access levels once they’ve infiltrated a system.

Given the complexity and sophistication of these vulnerabilities, business leaders are encouraged to reassess their cybersecurity posture. Proactive measures, such as implementing updated security protocols and ensuring that all systems are patched against known vulnerabilities, are pivotal in mitigating the risks associated with Transient Scheduler Attacks.

As the landscape of cybersecurity continues to evolve, incidents like this illuminate the need for vigilance in securing sensitive data. With AMD’s revelations fresh in mind, organizations must remain steadfast in their commitment to protecting their digital assets against potential cyber threats.

Source link

Related Posts

TA829 and UNK_GreenSec Collaborate on Strategies and Infrastructure in Ongoing Malware Campaigns

July 01, 2025
Cyber Espionage / Vulnerability

Cybersecurity experts have identified striking tactical parallels between the threat actors behind the RomCom RAT and a group observed deploying a loader named TransferLoader. Enterprise security firm Proofpoint is tracking this activity back to a group recognized as UNK_GreenSec, alongside the RomCom RAT actors, referred to as TA829. This group is also known by multiple aliases, including CIGAR, Nebulous Mantis, Storm-0978, Tropical Scorpius, UAC-0180, UAT-5647, UNC2596, and Void Rabisu. According to Proofpoint’s findings, UNK_GreenSec emerged during their investigation of TA829, with notable similarities in infrastructure, delivery tactics, landing pages, and email lure themes. TA829 stands out in the threat landscape for its capacity to engage in both espionage and financially motivated attacks. This hybrid group, aligned with Russia, has been linked to the exploitation of zero-day vulnerabilities in Mozilla software.

Critical Flaw in Anthropic’s MCP Poses Remote Exploitation Risk for Developer Systems

July 01, 2025
Vulnerability / AI Security

Cybersecurity experts have identified a severe security flaw in Anthropic’s Model Context Protocol (MCP) Inspector project, potentially enabling remote code execution (RCE) and granting attackers total access to affected systems. Identified as CVE-2025-49596, this vulnerability boasts a CVSS score of 9.4 out of 10, indicating a critical risk level. “This represents one of the first significant RCE vulnerabilities within Anthropic’s MCP framework, opening the door to a new wave of browser-based attacks targeting AI development tools,” stated Avi Lumelsky from Oligo Security in a recent report. “With the ability to execute code on a developer’s machine, attackers can compromise sensitive data, install malware, and navigate through networks—posing serious threats to AI teams, open-source initiatives, and enterprises utilizing MCP.” Introduced by Anthropic in November 2024, MCP is an open protocol aimed at standardizing large language model (LLM) applications…

Hackers Exploit PDFs to Impersonate Microsoft, DocuSign, and Others in Callback Phishing Schemes

Cybersecurity experts have raised alarms about phishing campaigns that mimic well-known brands, deceiving victims into calling phone numbers managed by cybercriminals. According to Cisco Talos researcher Omid Mirzaei, “A notable percentage of email threats featuring PDF payloads persuade victims to dial adversary-controlled numbers, showcasing a prevalent social engineering tactic referred to as Telephone-Oriented Attack Delivery (TOAD) or callback phishing.” An analysis of phishing emails with PDF attachments from May 5 to June 5, 2025, found that Microsoft and DocuSign were the most frequently impersonated brands. Other notable targets in TOAD emails included NortonLifeLock, PayPal, and Geek Squad. This surge in activity forms part of broader phishing efforts that leverage the trust associated with popular brands to provoke harmful actions. Typically, these messages include PDF attachments…

Severe Cisco Vulnerability in Unified CM Allows Root Access via Hard-Coded Credentials

July 3, 2025
Vulnerability / Network Security

Cisco has issued patches to fix a critical security flaw in Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME). This vulnerability could enable an attacker to access susceptible devices with root privileges, achieving a CVSS score of 10.0 under the identifier CVE-2025-20309. In an advisory released on Wednesday, Cisco noted that “this vulnerability arises from the use of static user credentials for the root account, which are meant for development use only.” An attacker could exploit this flaw to log into an affected system and execute arbitrary commands as a root user. Hard-coded credentials often stem from testing or temporary fixes during development, but they should never be present in live environments.