Due to a partner disclosure, AMD has found itself in the unenviable position of having to confirm the existence of a major cybersecurity problem in its chip microcode before it could post a fix. But that headache is mild compared to those of their customers’ CISOs. Microcode often loads during startup and it can change chip capabilities.
Security specialists are recommending that CISOs consider extreme protective measures, including network isolation, possible air gapping, and ideally blocking all updates/patches until AMD fixes this problem.
After an AMD partner, PC manufacturer Asus, disclosed the cybersecurity hole within a published beta BIOS update, a disclosure that appears to have been accidental and that has already been yanked from public view, AMD decided to confirm the barest of details about the issue.
Source:: Network World