- 오픈AI, 인터넷 검색과 추론 결합한 AI 에이전트 ‘딥 리서치’ 출시
- AMD patches microcode security holes after accidental early disclosure
- Microsoft Will Remove the Free VPN That Comes With Windows Defender
- This versatile Microsoft laptop is perfect for work and travel - and it's still $500 off
- I thought a privacy screen protector was a great idea - then I put one on my Galaxy S25 Ultra
AMD patches microcode security holes after accidental early disclosure
Matt Kimball, VP and principal analyst at Moor Insights & Strategy, also said he believed that AMD did well in how it handled this situation.
“It’s good to see AMD working with its community to solve for these vulnerabilities quickly. The amount of work that goes into providing a fix — and thoroughly testing it — is extensive. It’s a big resource strain, so good coordination from AMD,” Kimball said. “It is an unfortunate reality that these vulnerabilities find their way into systems, but it’s a reality nonetheless. The real measure of a vendor is how quickly they respond to mitigating and nullifying these vulnerabilities. In the case of AMD, the response was swift and thorough.”
What is critical, Villanustre added, is that admins focus on the UEFI (Unified Extensible Firmware Interface), which is the interface between the OS and the firmware. If the UEFI, which used to be known as system BIOS, is not updated, the microcode problem will keep returning every time servers reboot, Villanustre explained. “This can be simply addressed by updating your UEFI.”
“This situation highlights how deeply firmware issues have become [embedded] in modern computing,” Price said. “It is going to make emergency patches more difficult in the future. Future microcode patches will require full system reboots.”
AMD released two patches for the problem. “AMD has made available a mitigation for this issue which requires updating microcode on all impacted platforms to help prevent an attacker from loading malicious microcode,” AMD said. “Additionally, an SEV firmware update is required for some platforms to support SEV-SNP attestation. Updating the system BIOS image and rebooting the platform will enable attestation of the mitigation. A confidential guest can verify the mitigation has been enabled on the target platform through the SEV-SNP attestation report.”
AMD said the cybersecurity risk of not deploying the patch is significant, explaining, “improper signature verification in the AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.”
