CVE-2024-21923
AMD · AMD Multiple Products
A high-severity vulnerability has been identified in AMD StoreMI™ software, which stems from incorrect default security permissions.
Executive summary
A high-severity vulnerability has been identified in AMD StoreMI™ software, which stems from incorrect default security permissions. This flaw could allow a local attacker with basic user access to escalate their privileges, potentially gaining full administrative control of the system and executing arbitrary code. This poses a significant risk to the confidentiality, integrity, and availability of affected systems.
Vulnerability
The vulnerability exists due to improper default permissions set on files or directories used by the AMD StoreMI™ software during its installation or operation. A low-privileged local user can modify or replace a legitimate application component within the StoreMI program folders with a malicious payload. When a high-privileged process associated with StoreMI attempts to execute this component, the attacker's malicious code is executed with elevated system-level permissions, leading to a full system compromise.
Business impact
This vulnerability is rated as High severity with a CVSS score of 7.3. Successful exploitation could lead to a complete loss of confidentiality, integrity, and availability on the affected endpoint. An attacker could install persistent malware, exfiltrate sensitive data, deploy ransomware, disrupt critical operations, or use the compromised machine as a pivot point to move laterally across the corporate network. The direct business risks include data breaches, financial loss from operational downtime, and reputational damage.
Remediation
Immediate Action: The primary remediation step is to identify all systems running the vulnerable AMD StoreMI™ software and immediately apply the security patches provided by AMD. As a secondary measure, administrators should manually review the file and directory permissions for the StoreMI installation and ensure they are hardened to prevent modification by non-administrative users, adhering to the principle of least privilege.
Proactive Monitoring: Monitor for any unauthorized or unusual file modifications within the AMD StoreMI™ installation directories. Security teams should configure endpoint detection and response (EDR) systems to alert on suspicious process creation originating from StoreMI services, particularly if those processes are running with elevated privileges (e.g., as SYSTEM). Review system security logs for events indicative of privilege escalation attempts.
Compensating Controls: If immediate patching is not feasible, implement compensating controls. Use application control solutions, such as Windows AppLocker or third-party tools, to prevent the execution of unauthorized executables from the affected AMD directories. Restrict interactive logon access to essential personnel on systems where the vulnerable software is installed to reduce the attack surface.
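The permission review in the remediation steps above, as an added PowerShell audit script that is not AMD's code or part of this advisory: it walks the StoreMI install tree and reports Allow ACEs that give broad low-privileged groups the ability to modify files or rewrite ACLs, which is the precondition for the escalation described. The install path in `$StoreMiPath` is an assumed placeholder; substitute the real directory on the audited host.

```powershell
# Added audit script (not AMD's code). Reports ACL entries under an install tree
# that let broad, low-privileged groups replace files or change permissions.
# $StoreMiPath is an assumed placeholder; substitute the real install directory.
param(
    [string]$StoreMiPath = 'C:\Program Files\AMD\StoreMI'   # placeholder path
)

# Well-known SIDs for groups that every local user is a member of
$lowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-4',       # INTERACTIVE
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights sufficient to replace a binary, delete it, or rewrite its ACL
$writeMask = [System.Security.AccessControl.FileSystemRights](
    'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')

function Get-WeakAclEntry {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # unresolvable or orphaned SID; skip it
            if ($lowPrivSids -notcontains $sid) { continue }
            if (($ace.FileSystemRights -band $writeMask) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited   # inherited entries point at a weak parent ACL
            }
        }
    }
}

$findings = Get-WeakAclEntry -Path $StoreMiPath
if ($findings) { $findings | Format-Table -AutoSize }
else { "No write-capable entries for low-privileged groups under $StoreMiPath" }
```

Run it elevated after patching; any rows it prints mark files or folders whose ACL still needs to be tightened so that only Administrators and SYSTEM can modify them.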
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the high severity (CVSS 7.3) and the potential for complete system compromise, this vulnerability presents a significant risk. Although it is not currently listed on the CISA KEV list and lacks a public exploit, its nature as a local privilege escalation makes it a prime target for post-compromise activities. We strongly recommend that organizations prioritize the identification of all affected assets and deploy the vendor-supplied patches without delay to prevent potential exploitation.