Danny Weber
14:45 08-02-2026
Security researchers uncover a serious AMD driver update vulnerability in Windows, allowing attackers to inject malicious code via unsecured HTTP connections. Learn about the risks and precautions.
Security researchers have uncovered a serious vulnerability in AMD's Windows driver update system that could allow attackers to substitute updates and inject malicious code. The issue stems from the automatic driver update process using an unsecured HTTP connection instead of HTTPS for one of its steps.
Researcher Paul says that while checking his new PC he noticed odd system behavior: console windows periodically appearing without an obvious cause. Analysis traced the source to AMD's automatic driver updates. Further reverse engineering revealed that while the list of available updates is downloaded over secure HTTPS, the actual driver files are fetched via plain HTTP. Because plain HTTP provides neither authentication nor integrity protection, a malicious actor able to intercept that traffic could swap the files and execute arbitrary code with administrative privileges.
What's particularly alarming is that the update process runs with elevated privileges. In theory, this could enable an attacker not just to infect the system but to gain full control over it. Paul says he reported the finding to AMD but received a formal response stating that man-in-the-middle attack scenarios fall outside the scope of considered threats. This has raised concerns that the issue might not be addressed promptly.
Adding to the intrigue, the researcher's detailed technical report has disappeared—his post was temporarily taken down "by request," sparking active discussion in the community. At the time of publication, AMD had not provided detailed comments or confirmed whether the vulnerability has been officially reproduced internally. Users are advised to be cautious with driver updates and, if possible, temporarily disable automatic updates until clarifications emerge.
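The split described above (update list over HTTPS, driver files over plain HTTP) is the gap an update client closes by refusing non-HTTPS download URLs and checking each file against a digest carried in the HTTPS-delivered list before the elevated install step runs. The sketch below is an added example, not AMD's code or the researcher's; the manifest layout, field names and `example.com` URLs are assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed sample data; this manifest layout is hypothetical, not AMD's.
PAYLOAD = b"constructed driver installer bytes"
MANIFEST = [
    {"name": "gpu-driver", "url": "http://updates.example.com/gpu.exe",
     "sha256": hashlib.sha256(PAYLOAD).hexdigest()},
    {"name": "chipset", "url": "https://updates.example.com/chipset.exe",
     "sha256": hashlib.sha256(PAYLOAD).hexdigest()},
    {"name": "audio", "url": "https://updates.example.com/audio.exe"},
]

def audit_manifest(entries):
    """Return (name, reason) for every entry an updater should refuse."""
    findings = []
    for e in entries:
        parts = urlsplit(e.get("url", ""))
        if parts.scheme.lower() != "https" or not parts.hostname:
            findings.append((e["name"], "download URL is not HTTPS"))
        digest = e.get("sha256", "").lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            findings.append((e["name"], "no valid SHA-256 pinned in manifest"))
    return findings

def payload_matches(entry, data):
    """True only if the downloaded bytes hash to the manifest's pinned digest."""
    expected = entry.get("sha256", "").lower()
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected)

def safe_to_execute(entry, data):
    """Gate for the elevated install step: clean audit and matching digest."""
    return not audit_manifest([entry]) and payload_matches(entry, data)

if __name__ == "__main__":
    for name, reason in audit_manifest(MANIFEST):
        print(f"REFUSE {name}: {reason}")
    tampered = PAYLOAD + b" swapped in transit"
    print("intact file accepted:", safe_to_execute(MANIFEST[1], PAYLOAD))
    print("tampered file accepted:", safe_to_execute(MANIFEST[1], tampered))
```

A production updater would normally also verify the vendor's code signature on the downloaded file; the digest check here only binds the file to the list that was fetched over HTTPS.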