If you’re using an AMD CPU, you’ll want to install its latest security update. That is, if you can.

A nearly two-decade-old vulnerability found in AMD silicon could expose millions of computers worldwide to near-undetectable malware, but AMD is issuing patches to resolve the issue.

An AMD Ryzen eight-core processor in the socket

Which is great—if your CPU is able to receive the security patch. Otherwise, you’re plumb out of luck.

What Is the AMD Sinkclose CPU Vulnerability?

First revealed at Def Con 2024 by security researchers Enrique Nissim and Krzysztof Okupski, the AMD Sinkclose vulnerability could allow attackers to modify System Management Mode (SMM) settings, skirting all existing protections.

If exploited, malware installed through the flaw would be effectively undetectable, as no antivirus or antimalware tool can see malicious code running in the very depths of a CPU. SMM is one of the deepest operating modes of a CPU, used by the BIOS/UEFI for power and hardware control. Because the CPU sits at the core of the computer, code running at that level could gain access to other vital components and information.

However, taking advantage of this vulnerability isn’t a simple process. It requires kernel-level access to the machine, known as “Ring 0 privilege,” which an attacker must first obtain through a separate attack. Once established on the device, the attacker can attempt to reach “Ring -2 privileges,” gaining almost complete control of the device. It’s the Ring -2 privilege level that gives access to the SMM settings, which, given their importance, are normally completely isolated from the operating system.

Install AMD’s BIOS Security Patch

AMD’s SMM Lock Bypass security notice details its affected CPUs:

It’s quite the list, covering almost all AMD CPUs from the past decade or so. As the vulnerability went undetected for nearly 20 years, it covers a huge range of AMD CPUs, too, from general-purpose desktops to servers and so on. You’ll also note that AMD’s latest processors, like its new 9000-Series CPUs, are not on the list. Although not confirmed, I’d assume they were patched before release.

AMD has already released a BIOS/UEFI firmware patch to manufacturers for most modern CPUs—but told Tom’s Hardware that some “older products are outside our software support window.” On the upside, AMD does not expect any performance issues for affected machines once patched.

This means that AMD Ryzen 1000, 2000, and 3000 Series CPUs won’t receive a Sinkclose patch. Whether that means you want to upgrade or leave AMD entirely is down to your risk tolerance. Given this exploit is likely extremely difficult to take full advantage of, you’re not likely to need to upgrade tomorrow. But it could be worth considering when it comes to your next PC upgrade.
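For an administrator who wants to work out where a fleet of Linux machines stands before chasing firmware updates, the following triage script is an added example (not from the article, AMD, or the researchers). It gathers the three facts you need to compare a host against AMD’s advisory: the CPU identity from /proc/cpuinfo, the BIOS version and date from sysfs DMI, and the state of the SMM lock bit. The MSR details are an assumption from AMD’s public processor documentation: the Hardware Configuration Register (HWCR, MSR 0xC0010015) carries the SMMLock flag in bit 0, readable through the Linux msr module as root. The sysfs paths and the sample /proc/cpuinfo text are constructed for the example.

```python
"""Sinkclose triage helper for Linux hosts (added example, not AMD tooling).

Collects CPU identity, firmware version/date and the SMM lock state so the
result can be compared against AMD's SMM Lock Bypass advisory. The lock bit
alone does not prove the fix is present (Sinkclose bypasses the lock), so the
report always tells the operator to check the BIOS version against the vendor.
"""
import struct
from dataclasses import dataclass
from typing import Optional

# Assumption: AMD HWCR MSR, bit 0 = SMMLock (see the CPU's PPR/BKDG to confirm).
HWCR_MSR = 0xC0010015
SMM_LOCK_BIT = 0


@dataclass
class CpuIdentity:
    vendor: str
    family: int
    model: int
    model_name: str


def parse_cpuinfo(text: str) -> Optional[CpuIdentity]:
    """Extract vendor/family/model/name from the first block of /proc/cpuinfo."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            break  # blank line ends the first logical CPU's block
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    try:
        return CpuIdentity(
            vendor=fields["vendor_id"],
            family=int(fields["cpu family"]),
            model=int(fields["model"]),
            model_name=fields["model name"],
        )
    except (KeyError, ValueError):
        return None


def is_amd(cpu: CpuIdentity) -> bool:
    return cpu.vendor == "AuthenticAMD"


def smm_lock_set(hwcr_value: int) -> bool:
    """True when the SMMLock bit is set in a raw HWCR value."""
    return bool((hwcr_value >> SMM_LOCK_BIT) & 1)


def read_msr(msr: int, cpu: int = 0) -> Optional[int]:
    """Read a 64-bit MSR via /dev/cpu/N/msr (needs root and the msr module)."""
    try:
        with open(f"/dev/cpu/{cpu}/msr", "rb", buffering=0) as f:
            f.seek(msr)
            return struct.unpack("<Q", f.read(8))[0]
    except OSError:
        return None


def read_dmi(name: str) -> Optional[str]:
    """Read one DMI attribute such as bios_version or bios_date from sysfs."""
    try:
        with open(f"/sys/class/dmi/id/{name}") as f:
            return f.read().strip()
    except OSError:
        return None


def triage_report(cpu: Optional[CpuIdentity], bios_version: Optional[str],
                  bios_date: Optional[str], hwcr: Optional[int]) -> dict:
    """Combine the collected facts into a report with a next-step note."""
    report = {"cpu": cpu, "bios_version": bios_version, "bios_date": bios_date}
    if cpu is None or not is_amd(cpu):
        report.update(applicable=False, smm_lock=None, note="not an AMD CPU; advisory does not apply")
        return report
    report["applicable"] = True
    if hwcr is None:
        report.update(smm_lock=None, note="HWCR unreadable: run as root with the msr module loaded")
        return report
    locked = smm_lock_set(hwcr)
    report["smm_lock"] = locked
    if not locked:
        report["note"] = "SMM lock NOT set: firmware left SMM unlocked; escalate to the vendor"
    else:
        report["note"] = ("SMM lock set; still compare bios_version/bios_date with the vendor's "
                          "Sinkclose-fixed release, as the lock alone is bypassed by this flaw")
    return report


def main() -> None:
    with open("/proc/cpuinfo") as f:
        cpu = parse_cpuinfo(f.read())
    rep = triage_report(cpu, read_dmi("bios_version"), read_dmi("bios_date"), read_msr(HWCR_MSR))
    for key, value in rep.items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()
```

Run it as root on each host and collect the output centrally; the report is only a snapshot, so re-run it after every firmware update to confirm the BIOS version and date actually changed.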