Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.
Madness.
source: web.archive.org/web/2026020615…
#vulnerability #infosec #cybersecurity
The RCE that AMD won't fix!
After reporting a RCE in AMD's auto-update software, they decided to not patch it due to it requiring a man-in-the-middle attack to perform.
web.archive.org

Harry Sintonen
in reply to Harry Sintonen
You can do the following to remove the scheduled task that executes the vulnerable AMDAutoUpdate:
1. Run cmd.exe as administrator
2. schtasks /delete /TN AMDAutoUpdate /F
This prevents the AMDAutoUpdate from executing.
#infosec #cybersecurity #amd #ryzenmaster
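The removal described in the reply above, as an added PowerShell example that is not part of the original posts: it records what the task runs and under which account, saves the task definition so it can be restored later, removes it, and confirms it is gone. The task name AMDAutoUpdate comes from the post; the backup directory is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread.
$TaskName  = 'AMDAutoUpdate'                           # task name given in the post
$BackupDir = Join-Path $env:ProgramData 'TaskBackups'  # assumed backup location

# The task may be registered under any folder, so search by name only.
$tasks = @(Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue)
if ($tasks.Count -eq 0) {
    Write-Output "No scheduled task named '$TaskName' found; nothing to do."
    return
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

foreach ($task in $tasks) {
    # Record what the task executes and with which privileges before removing it.
    [pscustomobject]@{
        TaskPath = $task.TaskPath
        State    = $task.State
        RunAs    = $task.Principal.UserId
        RunLevel = $task.Principal.RunLevel
        Actions  = ($task.Actions |
                    ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    } | Format-List

    # Keep the XML definition so the task can be re-registered once a fix ships.
    $safeName = ($task.TaskPath + $task.TaskName) -replace '[\\/:*?"<>|]', '_'
    $xmlFile  = Join-Path $BackupDir "$safeName.xml"
    Export-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath |
        Set-Content -Path $xmlFile -Encoding Unicode

    # Same effect as: schtasks /delete /TN AMDAutoUpdate /F
    Unregister-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -Confirm:$false
    Write-Output "Removed $($task.TaskPath)$($task.TaskName); definition saved to $xmlFile"
}

# Verify the removal.
if (Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue) {
    Write-Warning "'$TaskName' is still registered."
} else {
    Write-Output "'$TaskName' is no longer registered."
}
```

A driver or software reinstall may register the task again, so the check is worth repeating after updates.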