Not that anyone is surprised or even cares but two more severe bugs have been found in the Intel Management Engine firmware. They allow remote execution with full privileges:
https://nvd.nist.gov/vuln/detail/CVE-2018-3627
https://nvd.nist.gov/vuln/detail/CVE-2018-3628
An article about these vulnerabilities on Tech Republic provides summaries and lists the affected processors.
(Score: 0) by Anonymous Coward on Tuesday July 31 2018, @05:12PM (2 children)
alright... its 6.5hrs later, none of the posters seem to have read the details of the neat and easy to verify subnet-takeover exploit while the top-rated post is about cars.
(Score: 2) by The Mighty Buzzard on Tuesday July 31 2018, @07:19PM
I dunno about the rest of them but I don't particularly care about the details. I'm using pre-PSP AMD chips in all my local boxen still. And likely will be as long as they live or I can get replacement parts. Or until RISC-V becomes a viable alternative.
My rights don't end where your fear begins.
(Score: 4, Insightful) by requerdanos on Tuesday July 31 2018, @07:50PM
I wouldn't say no one's read the details; merely that no one's posted about them here, and no wonder. For BOTH of those links, the official Intel "Summary" reads as follows:
For convenience, I have highlighted the parts that are either empty buzzwords or outright lies in italic text that the reader may more easily identify threats to their personal and/or organizational security (i.e., all of them).
Because "continuously enhanced firmware resilience" of Intel's full-privilege rootkit on your computer means simply that they want to hold their own hands more firmly to your throat, as opposed to someone else's, the details that follow that are interesting, sure, but aren't the bigger story. As such, those security details might be less closely followed than the overarching privacy story.