Stories
Slash Boxes
Comments

SoylentNews is people

New Intel Management Engine Bugs

posted by martyb on Tuesday July 31 2018, @10:18AM   Printer-friendly
from the how-do-you-turn-it-off? dept.

An Anonymous Coward writes:

Not that anyone is surprised or even cares but two more severe bugs have been found in the Intel Management Engine firmware. They allow remote execution with full privileges:

https://nvd.nist.gov/vuln/detail/CVE-2018-3627
https://nvd.nist.gov/vuln/detail/CVE-2018-3628

An article about these vulnerabilities on Tech Republic provides summaries and lists the affected processors.

Original Submission

 
This discussion has been archived. No new comments can be posted.
New Intel Management Engine Bugs | Log In/Create an Account | Top | 45 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Anonymous Coward on Tuesday July 31 2018, @10:33AM (4 children)

    by Anonymous Coward on Tuesday July 31 2018, @10:33AM (#715122)

    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html [intel.com]
    https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00118.html [intel.com]

    Starting Score:    0  points
    Moderation   +3  
       Informative=3, Total=3
    Extra 'Informative' Modifier   0  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Tuesday July 31 2018, @05:12PM (2 children)

    by Anonymous Coward on Tuesday July 31 2018, @05:12PM (#715288)

    alright... its 6.5hrs later, none of the posters seem to have read the details of the neat and easy to verify subnet-takeover exploit while the top-rated post is about cars.

    • (Score: 2) by The Mighty Buzzard on Tuesday July 31 2018, @07:19PM

      by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Tuesday July 31 2018, @07:19PM (#715343) Homepage Journal

      I dunno about the rest of them but I don't particularly care about the details. I'm using pre-PSP AMD chips in all my local boxen still. And likely will be as long as they live or I can get replacement parts. Or until RISC-V becomes a viable alternative.

      --
      My rights don't end where your fear begins.

    • (Score: 4, Insightful) by requerdanos on Tuesday July 31 2018, @07:50PM

      by requerdanos (5997) Subscriber Badge on Tuesday July 31 2018, @07:50PM (#715362) Journal

      alright... its 6.5hrs later, none of the posters seem to have read the details of the neat and easy to verify subnet-takeover exploit while the top-rated post is about cars.

      I wouldn't say no one's read the details; merely that no one's posted about them here, and no wonder. For BOTH of those links, the official Intel "Summary" reads as follows:

      In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience.

      For convenience, I have highlighted the parts that are either empty buzzwords or outright lies in italic text that the reader may more easily identify threats to their personal and/or organizational security (i.e., all of them).

      Because "continuously enhanced firmware resilience" of Intel's full-privilege rootkit on your computer means simply that they want to hold their own hands more firmly to your throat, as opposed to someone else's, the details that follow that are interesting, sure, but aren't the bigger story. As such, those security details might be less closely followed than the overarching privacy story.

  • (Score: 0) by Anonymous Coward on Thursday August 02 2018, @07:17AM

    by Anonymous Coward on Thursday August 02 2018, @07:17AM (#716100)

    This really amounts only to Not guilty, your Honor!

    Sure, it's one side to be considered but certainly not to be given undue weight.