A high-severity security vulnerability, identified as CVE-2024-21966, has been discovered in the AMD Ryzen![\"\u2122\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/2122.png?ssl=1\")
Master Utility, a software tool designed to optimize the performance of AMD Ryzen processors.\u00a0<\/p>\n
The vulnerability, classified as DLL hijacking<\/a>, could allow attackers to execute arbitrary code and escalate privileges on affected systems.\u00a0<\/p>\n With a CVSS score of 7.3, this vulnerability is considered to pose a serious security risk.\u00a0<\/p>\n The AMD Ryzen However, researchers found that the software does not enforce proper checks to prevent the dynamic loading of malicious DLLs (Dynamic Link Libraries).\u00a0<\/p>\n This flaw creates an avenue for attackers to exploit the software by injecting malicious code into the system. An attacker could place a malicious DLL in a directory that the Ryzen Master Utility accesses, tricking the application into loading it.\u00a0<\/p>\n Once loaded, this DLL could execute arbitrary code<\/a> with elevated privileges, potentially compromising system integrity and confidentiality.<\/p>\n AMD has credited security researchers from Pwni for identifying and responsibly disclosing this vulnerability under a coordinated disclosure process.<\/p>\n The primary impact of this vulnerability is arbitrary code execution, which could lead to:<\/p>\n The vulnerability affects all versions of AMD Ryzen AMD has acknowledged<\/a> the vulnerability and recommends users update their Ryzen Master Utility software to version 2.14.0.3205 or higher.\u00a0<\/p>\n The updated version includes necessary security patches that address the DLL hijacking issue by implementing stricter validation for dynamically loaded libraries.<\/p>\n To mitigate risks:<\/p>\n Similar vulnerabilities have been reported in other AMD products, such as the AMD Integrated Management Technology (AIM-T) Manageability Service (CVE-2023-31361) and AMD \u03bcProf (CVE-2023-31348), highlighting the importance of secure library loading practices across software ecosystems.<\/p>\n The post AMD Ryzen DLL Hijacking Vulnerability Let Attackers Execute Arbitrary Code<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n Master Utility provides users with a user-friendly interface for overclocking processors, monitoring system performance, and adjusting system settings.<\/p>\nImpact and Affected Products<\/strong><\/h2>\n
\n
Master Utility prior to version 2.14.0.3205.<\/p>\n\n
Master Utility from AMD\u2019s official website.<\/li>\nFind this Story Interesting! Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>, and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/code><\/strong><\/p>\n