DigiNews

Summary

Gadget Review reports on AMD’s handling of a critical HTTP-based vulnerability in the Windows auto-updater, including a remote code execution flaw that researchers could exploit via a man-in-the-middle attack. The article notes that the researcher was not paid the $10,000 bug bounty despite the finding, and that the fix took 124 days to deploy. It also highlights that the update validation still relies on CRC32 rather than cryptographic signatures, criticizing both the disclosure timeline and the bounty policy.