| It's not. Microcode (insofar as how the term is used for x86/AMD) controls the operation of the CPU itself and the implementation of certain CPU instructions that aren't hardwired. It's too low-level to do things on its own like send a copy of RAM through a network adapter, etc. Nonetheless, if you could manage to reverse engineer the microcode (which is likely different per CPU manufacturer and microarchitecture), and decrypt it (I do know AMD's microcode was not encrypted for a time, but is now), you could probably alter the behavior of some CPU instructions. Maybe you could manipulate some CPU instructions into allowing code to be executed where it wouldn't previously be executed, e.g. ignoring privilege checks, etc. and maybe you could do it without introducing side effects and causing existing code to misbehave or crash. However it's a thousand times easier to modify the actual code the CPU is executing from RAM somehow - through OS vulnerabilities, etc. Any CPU code is either going to be running in kernel mode with full privileges or eventually interacting with code that does through some sort of interface. Operating system code is either available (open source) or widely distributed (Windows). Modern software development is further and further abstracted away from real hardware with ever increasing layers which are also either open source or widely distributed. The possibility for finding human error somewhere in this scheme is vastly more likely to produce useful vulnerabilities - not the CPU microcode which is completely unknown, undocumented, encrypted, changes which each CPU, and updates thereof provided by the manufacturer. |