Following Criticism, AMD Decides to Roll Out Firmware Update for RYZEN 3000 Processors to Fix a Critical Vulnerability
Security researchers have discovered a critical security vulnerability in AMD processors. It is located in the processor's System Management Mode (SMM), where attackers could execute arbitrary code.
Since this code executes at the processor level, antivirus software operating at the system level is nearly incapable of detecting, removing, or defending against the malicious code. Even reinstalling the operating system would not remove the malicious code, as it exists outside of the OS.
The bad news is that this vulnerability poses a severe security risk. The good news, however, is that exploiting it is also exceptionally challenging. Attackers would first need to chain different vulnerabilities to gain access to the computer's kernel, and only then could they exploit this vulnerability to reach SMM.
These vulnerabilities affect all AMD processors released since 2006. However, considering the age of the RYZEN 1000/2000/3000 series, AMD initially decided not to offer security patches for these processors.
Now, AMD has updated its security bulletin to include the RYZEN 3000 series desktop processors in the support scope, with relevant security updates expected to be released in the coming days. Users will be able to address the vulnerability through a firmware update.
Other versions of the RYZEN 3000 series, such as Threadripper, EPYC, RYZEN 3000 mobile versions, and RYZEN 3000/4000 APUs, are also included in the list for updates, with firmware already released or forthcoming shortly.
Security-minded users can refer to AMD's announcement page, which lists all the products eligible for the update along with their corresponding microcode versions: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html