Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user).

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

@harrysintonen This is imo just as bad or worse than the Notepad++ supply chain attack that has been much in the news. It is easier for many state level actors to exploit, as well, since no compromise of the actual server is necessary. https + verification of code signing is imo the minimum bar for any auto-update process. This is 2026, not 2017. We shouldn't be dealing with another NotPetya in the making through failure to follow well established best practices.

@harrysintonen @Infoseepage

I got bad news for you about a lot of Linux distributions, they fail on at least one point (https). Not that I agree with that policy but it's often the most compatible way.

The lack of code signing is an issue, though it's unclear whether RyzenMaster is run by a user granted permissions to run unsigned code. If it requires signing they're basically praying that Microsoft's stuff is doing the heavy lifting for them. The blog is a bit light on details and seems to suggest this is a theoretical that the researcher didn't follow through with proving out fully.

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

@harrysintonen 404

@harrysintonen 404

@harrysintonen 404

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity

@gsuberland @harrysintonen 404 here too

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: https://web.archive.org/web/20260206152314/https://mrbruh.com/amd/

#vulnerability #infosec #cybersecurity