Home » News » AMD patches microcode security holes after accidental early disclosure

AMD patches microcode security holes after accidental early disclosure

AMD logo on office
May Be Interested In:Meet the ‘Luigi Girls’ who slept outside a courthouse to see the alleged killer in the flesh



Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation.

“It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a big resource strain,  so good coordination from AMD,” Kimball said. “It is an unfortunate reality that these vulnerabilities find their way into systems, but it’s a reality nonetheless. The real measure of a vendor is how quickly they respond to mitigating and nullifying these vulnerabilities. In the case of AMD, the response was swift and thorough.”

What is critical, Villanustre added, is that admins focus on the UEFI (Unified Extensible Firmware Interface), which is the interface between the OS and the firmware. If the UEFI, which used to be known as system BIOS, is not updated, the microcode problem will keep returning every time servers reboot, Villanustre explained. “This can be simply addressed by updating your UEFI.”

“This situation highlights how deeply firmware issues have become [embedded] in modern computing,” Price said. “It is going to make emergency patches more difficult in the future. Future microcode patches will require full system reboots.”

AMD released two patches for the problem. “AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode,” AMD said. “Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation. A confidential guest can verify the mitigation has been enabled on the target platform through the SEV-SNP attestation report.”

AMD said the cybersecurity risk of not deploying the patch is significant, explaining, “improper signature verification in the AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.”

share Share facebook pinterest whatsapp x print

Similar Content

Ottawa Charge forward Danielle Serdachny
What to expect from the Ottawa Charge in Year 2 of the PWHL November 29, 2024
Ipso logo
When is the best time to exercise – morning, midday or evening? April 8, 2025
Shutterstock Germany - AI-Bots under attack
IETF hatching a new way to tame aggressive AI website scraping April 9, 2025
Google News
Google News March 23, 2025
Supreme Court agrees to hear case about TikTok ban
Supreme Court agrees to hear case about TikTok ban December 19, 2024
Gender Equality May Be New for Space Tourism but Not for NASA
Gender Equality May Be New for Space Tourism but Not for NASA April 13, 2025
The Unseen News: Beyond the Mainstream | © 2025 | Daily News