Wednesday, December 19th 2012

AMD to Get Rid of Catalyst Auto-Update Feature in 2013, Cites Security Concerns

It looks like somebody found a security vulnerability in the auto-update feature of AMD Catalyst Control Center (CCC), which notifies you of updates to Catalyst system software and directs you to the download page. AMD announced that it plans to discontinue the feature starting in 2013, and recommends that you get your driver updates the old-fashioned way: by keeping up with the news and getting your drivers from the internet. Due to the severity of the exploit, AMD recommended users to disable auto-updates in their current CCC configuration, or click on "skip" whenever it prompts you to update drivers. AMD stated:
AMD will be removing the auto-update notification functionality from versions of AMD Catalyst Control Center running under Windows Vista, Windows 7 and Windows 8, beginning in early 2013. Due to a minor security vulnerability in the auto-update notification, users are recommended to update to the latest AMD Catalyst driver release from the amd.com web site. Alternatively, users should (i) uncheck the "Automatically check for updates" option under AMD Catalyst Control Center > Information > Software Update, and (ii) choose to "Skip" notifications from the AMD Catalyst driver, which notifications recommend updating to the latest driver.
Add your own comment

33 Comments on AMD to Get Rid of Catalyst Auto-Update Feature in 2013, Cites Security Concerns

#1
Recus
B... But auto update is industry standard.
Posted on Reply
#2
RejZoR
AMD reacted to the problem the same way as if you'd cut your arm off to prevent a finger wound infection... lol
Posted on Reply
#3
INSTG8R
by: RejZoR
AMD reacted to the problem the same way as if you'd cut your arm off to prevent a finger wound infection... lol
True enough. But I bet they have data on how much it is actually used and it probably wasn't very much. So taking it out is probably saving them some bandwidth, programming etc. Why waste resources on a rarely used feature especially if it can actually be a vulnerability.
Posted on Reply
#4
RejZoR
Yeah, well if it was a waste of our time it was because of them. I never got the notification the same day new drivers were released. It always took week or two...
Posted on Reply
#5
Mussels
Moderprator
they should work on getting the monthly updates in windows update instead.
Posted on Reply
#6
RCoon
Forum Gypsy
by: TheMailMan78
Never installed a driver that gave me a virus unlike you I assume.
What TMM means is he just jumped on the NVidia bandwagon and sees it as an opportunity to bitch about something that never happened to him, trying to reaffirm his choice of graphics to himself. I did the same back when i got two 570's. I've personally never known anyone to get virused from the AMD autoupdate feature, but at least they announced their shortcomings in total honesty, I'm still happy with my gfx cards and drivers.
Posted on Reply
#7
cadaveca
My name is Dave
Glad to see that acknowledged the problem.
Posted on Reply
#8
eidairaman1
by: Ravenas
I recall numerous times I have gotten Windows asking me to update my AMD drivers through Windows Update.
yup and its not recommended to use that function.

I just think AMD doesnt want to deal with trying to ensure control of auto update function by having to patch it. (might lead the link to another site with bogus drivers/malicious code).

It was nice while it lasted- never had issues updating my bros machine which started off with 11.9 drivers, now have 12.10s installed
Posted on Reply