A new attack on the TPM security module inside many popular Ryzen processors has prompted AMD to send out a new firmware update to its customers, along with a recommendation that you update your PC as soon as possible.

AMD’s security notification (as seen by VideoCardz over the weekend) refers to a discovery made by the Trusted Computing Group’s Vulnerability Response Team. Basically, it says that an application can send commands to a Trusted Platform Module — which secures various functions on your PC, including cryptographic keys — which can expose data stored on the TPM itself. The notification doesn’t say whether the attacker needs to have physical access to your PC or not, but it’s better to be safe than sorry.

The processors affected date back to the Ryzen 3000 desktop and mobile family of chips, AMD’s Ryzen AI 300 (Strix Point) as well as the Threadripper family of products, as well. AMD’s AGESA 1.2.0.3e firmware update addresses the problem, and you’ll need to download that update from either your laptop manufacturer or the manufacturer of your desktop PC’s motherboard.

While it’s unlikely that any specific attacker is targeting your individual PC, it’s still advised to update. VideoCardz reports that the new firmware is being released without the ability to roll back to prior versions, which indicates its severity.

VideoCardz is also reporting that the new update hints at the presence of a Ryzen 7 9700F, a Ryzen 9000 CPU without integrated graphics.

Author: Mark Hachman, Senior Editor, PCWorld