AMD patches critical Zen 5 microcode bug — partners deliver new BIOS with AGESA 1.2.0.3C

Ryzen 9000 CPU
(Image credit: AMD)

Motherboard vendors have started to deploy BIOS updates based on the AGESA 1.2.0.3C firmware. The new BIOS addresses a critical security vulnerability in AMD's Zen 5 chips found last month. This security flaw impacts Zen-based microprocessors across all product lines. While firmware updates patched Zen 1 to Zen 4, this vulnerability was only recently discovered with Zen 5.

According to AMD's security bulletin, the company relayed the updated firmware to motherboard vendors late last month. Due to the time each partner needs to integrate and validate new firmware for their unique BIOS on each motherboard model, we're only starting to see adoption now. So far, only MSI has the updated BIOS for some of its 800-series motherboards.

In addition to desktops, this vulnerability posed a risk to server-grade processors like AMD's Turin (EPYC 9005) family, potentially compromising their SEV and SEV-SNP protection technologies, which could allow unauthorized access to private data from virtual machines. As it stands, except for Fire Range (Ryzen 9000HX), mitigation is available for all CPUs from the Zen 5 family: Granite Ridge, Turin, Strix Point, Krackan Point, and Strix Halo.

This has several implications for the average user. A typical example can be BYOVD (Bring Your Own Vulnerable Driver) attacks, where hackers abuse vulnerabilities in trusted and signed kernel-level drivers to gain access to ring 0. If successful, this could be a stepping-stone to exploiting CPU vulnerabilities like EntrySign, allowing them to execute malicious microcode on your processor.

An example of this is when hackers discovered holes in Genshin Impact's (kernel-level) anti-cheat and distributed ransomware that targeted this flaw and achieved ring 0 access. In short, the safest approach is to keep an eye out for an upcoming BIOS update from your vendor that has been specified to use the AGESA 1.2.0.3C firmware.

Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.

Hassam Nasir
Contributing Writer

Hassam Nasir is a die-hard hardware enthusiast with years of experience as a tech editor and writer, focusing on detailed CPU comparisons and general hardware news. When he’s not working, you’ll find him bending tubes for his ever-evolving custom water-loop gaming rig or benchmarking the latest CPUs and GPUs just for fun.