Scoopfeeds — Intelligent news, curated.
computer-science

The RCE that AMD wouldn't fix

Hacker News · Jun 11, 2026, 4:03 PM

Key takeaways

  • After being interrupted multiple times by an annoying console window that would pop up periodically on my new gaming PC, I managed to track the offending executable down to AMD s Auto Update software.
  • In my frustration, I decided to punish this software by decompiling it to figure out how it worked, and accidentally discovered a trivial Remote Code Execution (RCE) vulnerability in the process.
  • The first thing I found is that they store their update URL in the program s app.config.

After being interrupted multiple times by an annoying console window that would pop up periodically on my new gaming PC, I managed to track the offending executable down to AMD s Auto Update software.

In my frustration, I decided to punish this software by decompiling it to figure out how it worked, and accidentally discovered a trivial Remote Code Execution (RCE) vulnerability in the process.

The first thing I found is that they store their update URL in the program s app.config. Although it s a little odd that they use their Develpment URL in production, it uses HTTPS, so it s perfectly safe.

Article preview — originally published by Hacker News. Full story at the source.
Read full story on Hacker News → More top stories

More in computer-science

Ars Technica
After nearly breaking, NASA's Deep Space Network "worked well" on Artemis II
Ars Technica
F1 teams spend millions on their simulators—what makes them different?
Hacker News
Show HN: A police department for your Claude Code agents
TechCrunch
Meta’s Edits app is getting an AI assistant and a desktop version
Ars Technica
Did Iron Age Britons remove brains of the dead?
Aggregated and edited by the Scoop newsroom. We surface news from Hacker News alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop