I've figured out what's wrong with the auto updater.

• Decompiling the EXE in a .net decompiler shows it tries to download https://www2.ati.com/drivers/patch/ec1b73b4-bc2a-4ca1-8431-c514730dbd90/versioninfo.xml using WebClient::DownloadFileAsync.
  • Hilariously "C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe.config" shows that this URL is the "Develpment" URL, with the "Production" URL of https://www2.ati.com/drivers/patch/837dd3a7-1a61-4649-8725-5ba8f7e6865a/versioninfo.xml commented out.
• This URL redirects to https://drivers.amd.com/drivers/patch/ec1b73b4-bc2a-4ca1-8431-c514730dbd90/versioninfo.xml.
  • WebClient does not follow the 301 redirect and saves an empty file to disk.
• Consequently when XmlDocument::Load opens this empty file, it errors out, logs the error... and the app never exits!

In my opinion the following fixes need to be made:

• Replace the 301 redirect with the contents of the file?
• Change AMDAutoUpdate.exe to follow the redirect (does not fix existing installations of the updater which can't follow the redirect)
• Edit versioninfo.xml to not supply downloads over HTTP URLs which can be intercepted and replaced with malware!!!

The only reason AMDAutoUpdate.exe isn't already an exploit vector is because it coincidentally fails to download a file with insecure links!