AMD Zen CPUs have dangerous vulnerabilities.
With control of the microcode, hackers can perform many sophisticated attacks, such as modifying the RDRAND instruction to generate fake random numbers, or even installing undetectable malware.
To aid in researching and fixing the vulnerability, Google has released zentool, an open-source 'cracking' toolkit that allows researchers to create, sign, and deploy custom microcode patches on vulnerable CPUs.
AMD responded quickly by releasing microcode updates that replaced the compromised authentication process with a custom secure hash function. Users are advised to update their CPU microcode to the latest version as soon as possible to protect their systems from potential attacks.
The EntrySign vulnerability is a reminder of the importance of ensuring hardware security, especially in the face of increasingly sophisticated cyberattacks.