Intel Critical Vulnerability in Desktop and Server Chipsets

     
6:11 pm on Nov 22, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24819
votes: 624


Intel has said its Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) are all vulnerable to security flaws.

Malicious and hijacked systems can allow hackers with administrator privileges to run code under the OS so that valid admins cannot see the processes running.
I understand that Intel has issued a fix, and you can check your systems with the detection tool.
[downloadcenter.intel.com...]

The processor chipsets affected by the flaws are as follows:

  • 6th, 7th and 8th Generation Intel Core processors
  • Intel Xeon E3-1200 v5 and v6 processors
  • Intel Xeon Scalable processors
  • Intel Xeon W processors
  • Intel Atom C3000 processors
  • Apollo Lake Intel Atom E3900 series
  • Apollo Lake Intel Pentiums
  • Celeron N and J series processors

  • [theregister.co.uk...]

    Intel's advisory [security-center.intel.com...]
    11:14 am on Nov 24, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:2715
    votes: 102


    Interesting that this should come out so soon after the nature of IME was revealed.
    11:44 am on Nov 26, 2017 (gmt 0)

    Moderator from US 

    WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Sept 26, 2001
    posts:10221
    votes: 578


    Anyone run either of the detection tools and found positive results?

    If so, what next steps did you take?
    6:10 pm on Nov 26, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:2715
    votes: 102


    I got negative so far, not run it on everything yet though.
    8:21 pm on Nov 26, 2017 (gmt 0)

    Moderator

    WebmasterWorld Administrator ergophobe is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

    joined:Apr 25, 2002
    posts:8557
    votes: 240


    Negative here on the one computer I checked
    5:03 am on Nov 28, 2017 (gmt 0)

    Senior Member

    WebmasterWorld Senior Member 10+ Year Member

    joined:Feb 20, 2002
    posts: 813
    votes: 1


    I have a positive hit for vulnerability on my Dell XPS9550. According to the Dell Website the release date for a patch is still "TBD". Awesome!
    5:43 pm on Nov 28, 2017 (gmt 0)

    Preferred Member

    10+ Year Member

    joined:Feb 5, 2004
    posts: 366
    votes: 12


    It is not clear to me... does this vulnerability come into play after the hacker gains access to your system via some other means

    OR

    the vulnerability can give admin access to a hacker if they know how to exploit it?
    1:06 pm on Nov 29, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:2715
    votes: 102


    The vulnerability gives a hacker root access to the other OS that Intel has helpfully installed without telling anyone.

    You cannot update this, you may be able to remove it if you have an older machine, although you can disable it. You cannot see it, nor do you have root access to it yourself, nor can you restrict its access to your hardware, and it can run when the main OS is suspended.
    2:45 pm on Nov 29, 2017 (gmt 0)

    Preferred Member

    10+ Year Member

    joined:Feb 5, 2004
    posts: 366
    votes: 12


    So there is nothing we can do until a BIOS firmware is available for our PCs?

    Is this something a hacker can access from the internet or can these types of requests be blocked by the router?
    2:16 pm on Dec 1, 2017 (gmt 0)

    Senior Member from GB 

    WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

    joined:Nov 16, 2005
    posts:2715
    votes: 102


    The last thing I read is that there are not known remote exploits, but it lets someone escalate a remote exploit to better than root access.
     
