AMD confirms microcode vulnerability revealed in beta BIOS update

AMD confirms microcode flaw in processors via Asus beta BIOS update.

: AMD has acknowledged a microcode vulnerability revealed by an Asus BIOS update, alerting security experts. Tavis Ormandy of Google's Project Zero initially identified the flaw, noting its potential severity. The issue involves bypassing microcode signature verification but is challenging to exploit. Ongoing efforts aim to mitigate the issue, drawing concerns from individuals like Demi Marie Obenour regarding critical security components.

AMD has confirmed a microcode signature verification vulnerability in some processors, initially revealed through an Asus beta BIOS update. This discovery by Google Project Zero's Tavis Ormandy led to increased security concern before AMD's official disclosure.

Exploiting this flaw requires local administrator access and the ability to execute harmful microcode, suggesting it is not easily exploitable. Demi Marie Obenour pointed out the risks to security features such as SEV-SNP and SMM.

AMD's history with security challenges includes past incidents like RYZENFALL and Sinkclose vulnerabilities. The latter, disclosed in 2024, posed risks to numerous devices, emphasizing the ongoing need for vigilance.

AMDMicrocode VulnerabilityHardware security