AMD has confirmed the existence of a microcode-related vulnerability that affects some of its processors after PC manufacturer Asus accidentally disclosed a beta BIOS update related to the flaw, The Register reports.
The issue was described as a microcode signature verification vulnerability and could potentially allow unauthorized microcode to bypass verification mechanisms and be loaded into affected CPUs. While specifics of the vulnerability remain unclear, such an exploit could allow malicious actors with high-level system access to alter CPU functionality or compromise critical security features like System Management Mode and Secure Encrypted Virtualization, experts said.
The flaw was initially uncovered by researcher Tavis Ormandy with Google Project Zero, who flagged the premature release of a patch by Asus. The disclosure was made prior to AMD's official advisory and has subsequently sparked concerns over unauthorized fixes and their potential risks. AMD has since acknowledged the vulnerability and assured customers that a patch is in development. "AMD recommends customers continue to follow industry-standard security practices and only work with trusted suppliers when installing new code on their systems. AMD plans to issue a security bulletin soon with additional guidance and mitigation options," the company said in a statement.