安全研究人员发现 AMD 驱动更新为 HTTP，存在中间人篡改攻击风险

IT之家

Feb 07

IT之家 2 月 7 日消息，安全研究员保罗（Paul）发现，AMD 在 Windows 平台上的驱动程序自动更新程序存在高危安全漏洞，可能允许攻击者通过中间人攻击（MITM）植入恶意软件。简单来说，当检测到可用更新后，AMD 驱动更新器会通过未加密 HTTP 连接下载更新包，可能使攻击者通过劫持ati.com域名或下载内容，从而实现远程代码执行（更新进程具备管理员权限）。保罗称其已向 AMD ...

Source Link

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2609540010"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"isCrawlerRequest":true,"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2609540010\",edition:\"fundamental\",auth_exemption:1,,,undefined,":{"share":"https://ttm.financial/m/news/2609540010?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2026-02-07 22:31","share_image_url":"https://static.laohu8.com/9a95c1376e76363c1401fee7d3717173","id":"2609540010","market":"us","top_or_hot":-1,"title":"安全研究人员发现 AMD 驱动更新为 HTTP，存在中间人篡改攻击风险","media":"IT之家","content":"<div>\n<p>IT之家 2 月 7 日消息，安全研究员保罗（Paul）发现，AMD 在 Windows 平台上的驱动程序自动更新程序存在高危安全漏洞，可能允许攻击者通过中间人攻击（MITM）植入恶意软件。简单来说，当检测到可用更新后，AMD 驱动更新器会通过未加密 HTTP 连接下载更新包，可能使攻击者通过劫持ati.com域名或下载内容，从而实现远程代码执行（更新进程具备管理员权限）。保罗称其已向 AMD ...</p>\n\n<a href=\"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20260207223213a4885a16&s=b\">Source Link</a>\n\n</div>\n","source":"tencent","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>安全研究人员发现 AMD 驱动更新为 HTTP，存在中间人篡改攻击风险</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n安全研究人员发现 AMD 驱动更新为 HTTP，存在中间人篡改攻击风险\n</h2>\n\n<h4 class=\"meta\">\n\n\n2026-02-07 22:31 北京时间&nbsp;&nbsp;&nbsp;<a href=http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20260207223213a4885a16&s=b><strong>IT之家</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>IT之家 2 月 7 日消息，安全研究员保罗（Paul）发现，AMD 在 Windows 平台上的驱动程序自动更新程序存在高危安全漏洞，可能允许攻击者通过中间人攻击（MITM）植入恶意软件。简单来说，当检测到可用更新后，AMD 驱动更新器会通过未加密 HTTP 连接下载更新包，可能使攻击者通过劫持ati.com域名或下载内容，从而实现远程代码执行（更新进程具备管理员权限）。保罗称其已向 AMD ...</p>\n\n<a href=\"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20260207223213a4885a16&s=b\">Source Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"LU0889565833.HKD","symbol_name":"FRANKLIN TECHNOLOGY \"A\" (HKD) ACC","start_time":0,"source_url":"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20260207223213a4885a16&s=b","article_id":"2609540010","we_media_id":null,"thumbnails":[],"rights":{"source":"tencent","url":"http://gu.qq.com/resources/shy/news/detail-v2/index.html#/?id=nesSN20260207223213a4885a16&s=b","rn_cache_url":null,"customStyle":"body{padding-top:10px;}#news_title{font-weight:bold;#titleStyle#;}#news_description span{font-size:12px;#descriptionStyle#;}.footer-note{#statement#}","selectors":".mod-LoadTzbdNews, body","filters":".relate-stock, .hot-list, .recom-box, .wx-sou","directOrigin":true},"url":"https://stock-news.laohu8.com/highlight/detail?id=2609540010","pubTimestamp":1770474704,"columns":[],"sourceInfo":{"source_id":"tencent","name":"腾讯"},"weMediaInfo":null,"summary":"IT之家 2 月 7 日消息，安全研究员保罗 发现，AMD 在 Windows 平台上的驱动程序自动更新程序存在高危安全漏洞，可能允许攻击者通过中间人攻击植入恶意软件。保罗称其已向 AMD 提交漏洞报告，但对方回复较为模板化，仅称“中间人攻击不在范围内”，暗示该问题可能不会被修复。截至IT之家发稿时，AMD 方面仍未就此提供进一步回应，目前尚不清楚 AMD 是否已直接验证该漏洞。","collect":0,"end_time":0,"defaultTopTitle":"qq.com","property":[],"viewcount":null,"language":"zh","relate_stocks":{"LU0889565833.HKD":"FRANKLIN TECHNOLOGY \"A\" (HKD) ACC","BK4612":"AI芯片","BK4614":"Manus概念股","LU0823421333.USD":"BNP PARIBAS DISRUPTIVE TECHNOLOGY \"C\" (USD) ACC","LU0056508442.USD":"贝莱德世界科技基金A2","LU0390134368.USD":"FRANKLIN GLOBAL GROWTH \"A\" (USD) ACC","AMUU":"2倍做多AMD ETF-Direxion","BK4588":"碎股","LU1303367103.USD":"摩根大通多经理另类基金 A (acc)","LU2054465674.USD":"UBS (LUX) KEY SELEC SICAV DIGITAL TRANSFORMATION T \"P\" (USD) ACC","BK4605":"半导体精选","LU1316542783.SGD":"Janus Henderson Horizon Global Technology Leaders A2 SGD","AMDW":"Roundhill AMD WeeklyPay ETF","LU1242518857.USD":"FULLERTON LUX FUNDS - ASIA ABSOLUTE ALPHA \"I\" (USD) ACC","LU0823421416.USD":"BNP PARIBAS DISRUPTIVE TECHNOLOGY \"C\" (USD) INC","AMDU":"Defiance Leveraged Long + Income AMD ETF","LU0109392836.USD":"富兰克林科技股A","LU2098885051.SGD":"JPMorgan Funds - Multi-Manager Alternatives A (acc) SGD","LU1852331112.SGD":"Blackrock World Technology Fund A2 SGD-H","LU2458330169.SGD":"FRANKLIN SHARIAH TECHNOLOGY \"A\" (SGD) ACC","LU1880398471.USD":"AMUNDI FUNDS GLOBAL EQUITY \"A2\" (USD) ACC","LU1880398554.USD":"AMUNDI FUNDS GLOBAL EQUITY \"A2\" (USD) INC","LU0823434583.USD":"BNP PARIBAS US GROWTH \"C\" (USD) ACC","AMDD":"1倍做空AMD ETF-Direxion","LU2458330243.SGD":"FRANKLIN SHARIAH TECHNOLOGY \"A-H1\" (SGDHDG) ACC","BK4573":"虚拟现实","LU2250418816.HKD":"BGF WORLD TECHNOLOGY \"A\" (HKD) ACC","IE0004445239.USD":"JANUS HENDERSON US FORTY \"A2\" (USD) ACC","LU1064131342.USD":"Fullerton Lux Funds - Global Absolute Alpha A Acc USD","AMDY":"AMD期权收益策略ETF-YieldMax","LU1861558580.USD":"日兴方舟颠覆性创新基金B","BK4554":"元宇宙及AR概念","LU1951198990.SGD":"Natixis Thematics AI & Robotics Fund H-R/A SGD-H","LU1988902786.USD":"FULLERTON LUX FUNDS GLOBAL ABSOLUTE ALPHA \"I\" (USD) ACC","AMDL":"2倍做多AMD ETF-GraniteShares","BK4532":"文艺复兴科技持仓","IE00B5949003.HKD":"JANUS HENDERSON GLOBAL TECHNOLOGY AND INNOVATION \"A\" (HKD) ACC","LU0823434740.USD":"BNP PARIBAS US GROWTH \"C\" (USD) INC","LU0642271901.SGD":"Janus Henderson Horizon Global Technology Leaders A2 SGD-H","BK4512":"苹果概念","BK4543":"AI","LU1951200564.SGD":"Natixis Thematics AI & Robotics Fund R/A SGD","LU0274383776.USD":"MANULIFE GF US SMALL CAP EQUITY \"AA\" (USD) INC","LU2360106780.USD":"BGF WORLD TECHNOLOGY \"A4\" (USD) INC","LU0127658192.USD":"EASTSPRING INVESTMENTS GLOBAL TECHNOLOGY \"A\" (USD) ACC","LU2089985449.USD":"MANULIFE GF GLOBAL SEMICONDUCTOR OPPORTUNITIES \"AA\" (USD) ACC","LU1242518931.SGD":"Fullerton Lux Funds - Asia Absolute Alpha A Acc SGD","LU2355687059.USD":"NORDEA 1 GLOBAL IMPACT  \"BP\" (USD) ACC","IE0009356076.USD":"JANUS HENDERSON GLOBAL TECHNOLOGY AND INNOVATION \"A2\" (USD) ACC","LU0082616367.USD":"摩根大通美国科技A（dist）","BK4585":"ETF&股票定投概念","LU0719512351.SGD":"JPMorgan Funds - US Technology A (acc) SGD","LU1803068979.SGD":"FTIF - Franklin Technology A (acc) SGD-H1","BK4141":"半导体产品","BK4534":"瑞士信贷持仓","LU2931357623.SGD":"MANULIFE GF GLOBAL SEMICONDUCTOR OPPORTUNITIES \"AA\" (SGDHDG) ACC","LU0979878070.USD":"FULLERTON LUX FUNDS - ASIA ABSOLUTE ALPHA \"A\" (USD) ACC","LU1923623000.USD":"Natixis Thematics AI & Robotics Fund R/A USD","LU1989764664.SGD":"CPR Invest - Global Disruptive Opportunities A2 Acc SGD-H","IE00BMPRXR70.SGD":"Neuberger Berman 5G Connectivity A Acc SGD-H","BK4529":"IDC概念","IE00BMPRXN33.USD":"NEUBERGER BERMAN 5G CONNECTIVITY \"A\" (USD) ACC","BK4575":"芯片概念","BK4566":"资本集团","LU0198837287.USD":"UBS (LUX) EQUITY SICAV - USA GROWTH \"P\" (USD) ACC","LU0081259029.USD":"UBS (LUX) EQUITY FUND - TECH OPPORTUNITY \"P\" (USD) ACC","AMYY":"GraniteShares YieldBOOST AMD ETF","LU1861559042.SGD":"日兴方舟颠覆性创新基金B SGD","DAMD":"2倍做空AMD ETF-Defiance","AMD":"美国超微公司","AMDG":"2倍做多AMD ETF- Leverage Shares","LU2264538146.SGD":"Fullerton Lux Funds - Global Absolute Alpha A Acc SGD"},"translate_title":"Security researchers find AMD driver update to HTTP, risk of man-in-the-middle tampering attack","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"AMDL":0.6,"AMDD":0.6,"AMDU":0.6,"AMYY":0.6,"AMUU":0.6,"AMDG":0.6,"AMDW":0.6,"DAMD":0.6,"AMD":1.95,"AMDY":0.6},"content_text":"IT之家 2 月 7 日消息，安全研究员保罗（Paul）发现，AMD 在 Windows 平台上的驱动程序自动更新程序存在高危安全漏洞，可能允许攻击者通过中间人攻击（MITM）植入恶意软件。简单来说，当检测到可用更新后，AMD 驱动更新器会通过未加密 HTTP 连接下载更新包，可能使攻击者通过劫持ati.com域名或下载内容，从而实现远程代码执行（更新进程具备管理员权限）。保罗称其已向 AMD 提交漏洞报告，但对方回复较为模板化，仅称“中间人攻击不在范围内”，暗示该问题可能不会被修复。保罗进一步描述其技术分析过程称，他在新购置的 PC 上注意到系统会无故弹出一个控制台窗口，随后追踪发现与 AMD 自动更新器有关。他随后对该软件进行逆向，并找到了更新器获取可用更新列表的链接。该链接的命名中出现了“Devlpment”字样。据称，AMD 虽然更新列表是通过 HTTPS 链接请求获取的，但实际下载驱动包时使用的是标准 HTTP 链接，而非 HTTPS。他表示，目前难以判断这种更新分发方式持续了多久。他在分析中提到，相关自动更新器可能可追溯至 2017 年左右，但无法确定当前下载处理逻辑何时被投入使用。截至IT之家发稿时，AMD 方面仍未就此提供进一步回应，目前尚不清楚 AMD 是否已直接验证该漏洞。另外，保罗博客文章“因收到请求”被下架，虽然他本人澄清“下架是暂时的”，但该事件仍在网上引发广泛关注。","kind":"news","is_publish_news":true,"is_publish_highlight":false,"is_publish_live":false,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"policyRegulatory","news_rank":0,"symbols":[],"gpt_button":1,"need_auth":false,"code":"91000000","status":"200"}}}