Background
In 2026, as artificial intelligence reshapes daily life, a seemingly mundane component of many PCs, AMD's Windows driver auto‑updater, has drawn attention for a critical security oversight. The updater, originally introduced around 2017, fetches driver packages from AMD's servers over plain, unencrypted HTTP.
What the researcher discovered
Security researcher “Paul,” a Kiwi enthusiast, noticed an unexpected console window on his gaming rig. Tracing the source led him to AMD's auto‑updater, which retrieves the list of available updates from an HTTPS endpoint but downloads the actual driver binaries over plain HTTP. Because plain HTTP provides neither server authentication nor integrity protection, the client has no way to confirm that a binary came from AMD or that it was not modified in transit.
Potential attack vectors
- DNS hijacking or hosts‑file manipulation to redirect the ati.com domain to a malicious server.
- Network‑level man‑in‑the‑middle (MITM) attacks that intercept and alter the HTTP driver payloads.
- Compromised Wi‑Fi networks automatically used by many users, facilitating silent injection of malicious drivers.
Impact and scope
AMD hardware is installed in millions of PCs worldwide. If the insecure download mechanism has been active for up to a decade, the attack surface encompasses a vast number of systems that may have received tampered drivers without any integrity checks.
Response from AMD
According to Paul, AMD’s reply classified MITM scenarios as “out of scope” for their bug bounty program, implying no immediate fix or reward. The company has not publicly confirmed the vulnerability, and the original blog post detailing the findings was temporarily taken down.
Recommendations for users
- Manually verify driver sources: download updates directly from AMD’s official website using HTTPS.
- Disable automatic driver updates in Windows Settings or via AMD’s Radeon Settings if possible.
- Employ network security tools (e.g., DNS over HTTPS, VPNs, host‑based firewalls) to mitigate MITM risks.
- Monitor AMD’s security advisories for any future patches addressing the issue.
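The missing checks described above (an HTTPS index pointing at plain-HTTP packages, and no integrity verification of what is downloaded) are easiest to see as an update client's gate. The following is an added illustration, not AMD's updater code: it audits a constructed manifest for non-TLS download URLs and refuses to hand a package to the installer unless its SHA-256 matches a digest the client already trusts. The manifest format, the placeholder host updates.example.invalid and the payload bytes are all constructed for the example.

```python
"""Audit a driver-update manifest and gate installation on transport and integrity.

Added illustration, not AMD's updater code. The manifest format, host name
and payload bytes are constructed for this example.
"""
import hashlib
import hmac
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class ManifestEntry:
    name: str
    url: str      # where the updater would fetch the package
    sha256: str   # digest the client must already trust (pinned or signed),
                  # never taken from the same unauthenticated channel as the payload


# Constructed payloads standing in for driver packages.
GOOD_PAYLOAD = b"MZ\x90\x00constructed-driver-package-v1"
TAMPERED_PAYLOAD = GOOD_PAYLOAD + b"\x90\x90"   # any modification changes the digest
GOOD_DIGEST = hashlib.sha256(GOOD_PAYLOAD).hexdigest()

# Constructed manifest: like the page describes, an HTTPS-served index that
# lists one package over plain HTTP and one over HTTPS. Host is a placeholder.
SAMPLE_MANIFEST = [
    ManifestEntry("display-driver.exe",
                  "http://updates.example.invalid/display-driver.exe", GOOD_DIGEST),
    ManifestEntry("chipset-driver.exe",
                  "https://updates.example.invalid/chipset-driver.exe", GOOD_DIGEST),
]


def insecure_entries(manifest):
    """Entries whose package would be fetched without TLS (no server identity, no integrity)."""
    return [e for e in manifest if urlparse(e.url).scheme.lower() != "https"]


def digest_matches(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison of the payload's SHA-256 against the pinned digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.lower())


def gate_install(entry: ManifestEntry, data: bytes) -> str:
    """Decide whether a fetched package may be handed to the installer.

    Policy choice for this example: a plain-HTTP fetch is rejected outright,
    even before looking at the bytes, so that the channel can never be relied
    on by mistake; an HTTPS fetch is then still checked against the pinned digest.
    """
    if urlparse(entry.url).scheme.lower() != "https":
        return "rejected: insecure transport"
    if not digest_matches(data, entry.sha256):
        return "rejected: digest mismatch"
    return "accepted"


def audit(manifest):
    """Summarise which entries a defender should flag before any download happens."""
    flagged = set(insecure_entries(manifest))
    return {e.name: ("insecure" if e in flagged else "ok") for e in manifest}


if __name__ == "__main__":
    for name, status in audit(SAMPLE_MANIFEST).items():
        print(f"{name}: {status}")
    http_entry, https_entry = SAMPLE_MANIFEST
    print(gate_install(http_entry, GOOD_PAYLOAD))       # rejected: insecure transport
    print(gate_install(https_entry, TAMPERED_PAYLOAD))  # rejected: digest mismatch
    print(gate_install(https_entry, GOOD_PAYLOAD))      # accepted
```

The point of keeping the digest out of band is that a digest fetched over the same plain-HTTP channel as the binary would be replaced along with it; in practice the trusted value comes from a signed manifest or a code-signing check on the package itself, and TLS on the download alone only protects the transport, not the authenticity of what the server chose to publish.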