AMD identified a critical vulnerability in its automatic driver update system, yet the company is ignoring it

A vulnerability has been discovered in the AMD driver auto‑update system

A new cybersecurity researcher from New Zealand found that the component loading mechanism in AMD’s automatic driver update service uses an insecure channel. The study was published temporarily while the author deleted their post.

What is happening

When the system detects a suitable update, it downloads it over a plain HTTP connection. This opens the door for a “man‑in‑the‑middle” (MITM): an attacker on the same network or beyond can replace the real AMD resource with their own, alter the file contents during transit, and even inject spyware or ransomware with administrative privileges.

AMD’s response

The author immediately reported the issue to the company. In reply, AMD sent a refusal letter stating that MITM attacks “fall outside” of their responsibility. This means that a fix is currently unknown and may never happen.

Who is at risk

Since AMD drivers are used on many PCs worldwide, potentially millions of systems are at risk. Many users allow automatic connections to known Wi‑Fi networks, which only exacerbates the danger.

History of the problem

The exact date of the vulnerability’s appearance is unknown; one version claims it has existed since 2017. The researcher discovered a console window on a new gaming PC, traced the path to AMD’s auto‑update component, decompiled it, and found a link through which the program requests a list of available updates. The list is transmitted over HTTPS, but the drivers themselves are downloaded via HTTP without server authentication, file integrity checks, or protection against tampering.

Summary

* AMD’s auto‑update downloads drivers over an insecure HTTP connection.
* An attacker can replace the file and add malicious software with administrative rights.
* AMD has not confirmed a fix, and millions of users remain at risk.