Intel Critical Vulnerability in Desktop and Server Chipsets

     
6:11 pm on Nov 22, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26372
votes: 1035


Intel has said its Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) are all vulnerable to security flaws.

Malicious and hijacked systems can allow hackers with administrator privileges to run code under the OS so that valid admins cannot see the processes running.
I understand that Intel has issued a fix, and you can check your systems with the detection tool.
[downloadcenter.intel.com...]

The processor chipsets affected by the flaws are as follows:

  • 6th, 7th and 8th Generation Intel Core processors
  • Intel Xeon E3-1200 v5 and v6 processors
  • Intel Xeon Scalable processors
  • Intel Xeon W processors
  • Intel Atom C3000 processors
  • Apollo Lake Intel Atom E3900 series
  • Apollo Lake Intel Pentiums
  • Celeron N and J series processors

  • [theregister.co.uk...]

    Intel's advisory [security-center.intel.com...]
    11:14 am on Nov 24, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:3002
    votes: 207


    Interesting that this should come out so soon after the nature of IME was revealed.
    11:44 am on Nov 26, 2017 (gmt 0)

    Senior Member from US 

    WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Sept 26, 2001
    posts:12913
    votes: 893


    Anyone run either of the detection tools and found positive results?

    If so, what next steps did you take?
    6:10 pm on Nov 26, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:3002
    votes: 207


    I got negative so far, not run it on everything yet though.
    8:21 pm on Nov 26, 2017 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Apr 25, 2002
    posts:8639
    votes: 283


    Negative here on the one computer I checked
    5:03 am on Nov 28, 2017 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Feb 20, 2002
    posts: 813
    votes: 1


    I have a positive hit for vulnerability on my Dell XPS9550. According to the Dell Website the release date for a patch is still "TBD". Awesome!
    5:43 pm on Nov 28, 2017 (gmt 0)

    Preferred Member

    10+ Year Member Top Contributors Of The Month

    joined:Feb 5, 2004
    posts: 609
    votes: 98


    It is not clear to me... does this vulnerability come into play after the hacker gains access to your system via some other means

    OR

    the vulnerability can give admin access to a hacker if they know how to exploit it?
    1:06 pm on Nov 29, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:3002
    votes: 207


    The vulnerability gives a hacker root access to the other OS that Intel has helpfully installed without telling anyone.

    You cannot update this, you may be able to remove it if you have an older machine, although you can disable it. You cannot see it, nor do you have root access to it yourself, nor can you restrict its access to your hardware, and it can run when the main OS is suspended.
    2:45 pm on Nov 29, 2017 (gmt 0)

    Preferred Member

    10+ Year Member Top Contributors Of The Month

    joined:Feb 5, 2004
    posts: 609
    votes: 98


    So there is nothing we can do until a BIOS firmware is available for our PCs?

    Is this something a hacker can access from the internet, or can these types of requests be blocked by the router?
    2:16 pm on Dec 1, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member graeme_p is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:3002
    votes: 207


    The last thing I read is that there are no known remote exploits, but it lets someone escalate a remote exploit to better than root access.