The RCE that AMD wouldn’t fix
Summary
A researcher reports a remote code execution vulnerability in AMD's AutoUpdate caused by HTTP URLs in the update XML and a lack of proper verification. The piece discusses bug bounty scope, disclosure delays, and AMD's eventual CVE and patch, illustrating risks in auto-update mechanisms and the impact on SMB IT environments.