AMD has confirmed that a security vulnerability was found in some of its processors, and it has announced that a patch is in progress. However, this patch unexpectedly appeared in a beta BIOS update from Asus. The fact that the tech giant did not announce the vulnerability, despite being aware of it, has sparked significant backlash from the community. Here are the details!

Details of the Security Flaw

The vulnerability targets the microcode signature validation mechanism loaded during the processor’s boot process. Microcode contains a series of instructions that dictate how the processor operates and can typically be updated by the manufacturer. However, it is believed that this vulnerability could allow unauthorized microcodes to be loaded onto the processor.

If a hacker could load malicious microcode onto AMD processors, it could alter the normal operation of the processor or even completely disable it. Normally, these codes should only be loaded by authorized software, but the vulnerability makes them susceptible to external tampering, posing serious security risks.

Google security researcher Tavis Ormandy discovered that a beta BIOS update from Asus contained a patch for this flaw. It was noteworthy that Asus had released a patch for the security issue before AMD made it publicly known. Asus later removed this patch from its update notes, but the security community had already noticed the issue.

AMD acknowledged the vulnerability, stating that necessary corrections have been made and that detailed information would be shared in an upcoming security bulletin. The company recommended that users only update software from official sources and avoid loading untrusted code onto their systems.

While security experts believe that this flaw only poses a risk to a specific group of users, further details are expected to emerge following AMD’s official statement. How significant do you think these kinds of security flaws are for processor manufacturers? Share your thoughts in the comments!