Intel Critical Vulnerability in Desktop and Server Chipsets

         

engine

6:11 pm on Nov 22, 2017 (gmt 0)


Intel has said its Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE) are all vulnerable to security flaws.

Malicious and hijacked systems can allow hackers with administrator privileges to run code under the OS so that valid admins cannot see the processes running.
I understand that Intel has issued a fix, and you can check your systems with the detection tool.
[downloadcenter.intel.com...]

The processor chipsets affected by the flaws are as follows:

  • 6th, 7th and 8th Generation Intel Core processors
  • Intel Xeon E3-1200 v5 and v6 processors
  • Intel Xeon Scalable processors
  • Intel Xeon W processors
  • Intel Atom C3000 processors
  • Apollo Lake Intel Atom E3900 series
  • Apollo Lake Intel Pentiums
  • Celeron N and J series processors

[theregister.co.uk...]

Intel's advisory [security-center.intel.com...]

    graeme_p

    11:14 am on Nov 24, 2017 (gmt 0)


    Interesting that this should come out so soon after the nature of IME was revealed.

    keyplyr

    11:44 am on Nov 26, 2017 (gmt 0)


    Anyone run either of the detection tools and found positive results?

    If so, what next steps did you take?

    graeme_p

    6:10 pm on Nov 26, 2017 (gmt 0)


    I got negative so far, not run it on everything yet though.

    ergophobe

    8:21 pm on Nov 26, 2017 (gmt 0)


    Negative here on the one computer I checked

    Chico_Loco

    5:03 am on Nov 28, 2017 (gmt 0)


    I have a positive hit for vulnerability on my Dell XPS9550. According to the Dell Website the release date for a patch is still "TBD". Awesome!

    JesterMagic

    5:43 pm on Nov 28, 2017 (gmt 0)


    It is not clear to me... does this vulnerability come into play after the hacker gains access to your system via some other means

    OR

    the vulnerability can give admin access to a hacker if they know how to exploit it?

    graeme_p

    1:06 pm on Nov 29, 2017 (gmt 0)


    The vulnerability gives a hacker root access to the other OS that Intel has helpfully installed without telling anyone.

    You cannot update this, you may be able to remove it if you have an older machine, although you can disable it. You cannot see it, nor do you have root access to it yourself, nor can you restrict its access to your hardware, and it can run when the main OS is suspended.

    JesterMagic

    2:45 pm on Nov 29, 2017 (gmt 0)


    So there is nothing we can do until a BIOS firmware is available for our PCs?

    Is this something a hacker can access from the internet or can these types of requests be blocked by the router?

    graeme_p

    2:16 pm on Dec 1, 2017 (gmt 0)


    The last thing I read is that there are no known remote exploits, but it lets someone escalate a remote exploit to better than root access.