Home » News » AMD patches microcode security holes after accidental early disclosure

AMD patches microcode security holes after accidental early disclosure

AMD logo on office
May Be Interested In:Elon Musk’s newest job title is literally ‘unlisted’



Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation.

“It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a big resource strain,  so good coordination from AMD,” Kimball said. “It is an unfortunate reality that these vulnerabilities find their way into systems, but it’s a reality nonetheless. The real measure of a vendor is how quickly they respond to mitigating and nullifying these vulnerabilities. In the case of AMD, the response was swift and thorough.”

What is critical, Villanustre added, is that admins focus on the UEFI (Unified Extensible Firmware Interface), which is the interface between the OS and the firmware. If the UEFI, which used to be known as system BIOS, is not updated, the microcode problem will keep returning every time servers reboot, Villanustre explained. “This can be simply addressed by updating your UEFI.”

“This situation highlights how deeply firmware issues have become [embedded] in modern computing,” Price said. “It is going to make emergency patches more difficult in the future. Future microcode patches will require full system reboots.”

AMD released two patches for the problem. “AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode,” AMD said. “Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation. A confidential guest can verify the mitigation has been enabled on the target platform through the SEV-SNP attestation report.”

AMD said the cybersecurity risk of not deploying the patch is significant, explaining, “improper signature verification in the AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.”

share Share facebook pinterest whatsapp x print

Similar Content

Prime Minister Justin Trudeau and Minister of Emergency Preparedness Harjit Sajjan meet with West Kelowna Fire Rescue Chief Jason Brolund to go over wildfire mapping at the firehall in West Kelowna, B.C., Friday, May 10, 2024. THE CANADIAN PRESS/Aaron Hemens
West Kelowna fire chief says L.A. devastation a haunting reminder of B.C. blaze January 11, 2025
Roland’s Latest MicroKorg Is Great, but It No Longer Reigns Supreme
Roland’s Latest MicroKorg Is Great, but It No Longer Reigns Supreme December 7, 2024
How China Is Reacting to DeepSeek Upending the A.I. Race
How China Is Reacting to DeepSeek Upending the A.I. Race January 28, 2025
How should the opioid settlements be spent? Those hit hardest often don’t have a say
How should the opioid settlements be spent? Those hit hardest often don’t have a say December 9, 2024
Swinney taking ‘nothing for granted’ on Budget despite Labour plans to abstain
Swinney taking ‘nothing for granted’ on Budget despite Labour plans to abstain January 8, 2025
Madonna, 66, revealed that it had felt like her 'heart was ripped out' after her mother, Louise Ciccone, passed away at age 30 in 1963 following breast cancer diagnosis
Madonna says her ‘heart was ripped out’ after her mother’s death when she was only five January 4, 2025
The Unseen News: Beyond the Mainstream | © 2025 | Daily News