date 2022-11-17
from the get-your-patches-here dept.
It's time to update your Management Engine:
Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms is vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.
The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel's security team stated that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience."
Intel® Management Engine Critical Firmware Update (Intel SA-00086)
U.S. government warns about cyber bug in Intel chips
The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.
The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as 'Management Engine' that shipped with eight types of processors used in business computers sold by Dell Technologies, Lenovo, HP Inc, Hewlett Packard Enterprise and other manufacturers.
Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.
"These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years," said Jay Little, a security engineer with cyber consulting firm Trail of Bits.
The official warning is here. Good luck to everybody! Good luck.
(Score: 1) by Ethanol-fueled on Thursday November 23, @12:14PM (1 child)
Good Evening Gentlemen. We Won the War: fuck off, bastards! [youtube.com]
(Score: 1) by Ethanol-fueled on Thursday November 23, @12:28PM
"Sniff, cry,
I love you guys.
BFBFBFBBFFBF"
Never forget!
(Score: 2) by The Mighty Buzzard on Thursday November 23, @12:25PM (7 children)
Well I guess I'll add not owning a computer with a hardware rootkit to my list of shat to be thankful for this year. Right next to having eaten enough fish out of the freezers this year that I can start filling them again.
Save Ferris!
(Score: 2) by bradley13 on Thursday November 23, @12:30PM (1 child)
"Well I guess I'll add not owning a computer with a hardware rootkit to my list of shat to be thankful for this year."
Well, anyway, no hardware rootkit that you know about...
Everyone is somebody else's weirdo.
(Score: 2) by The Mighty Buzzard on Thursday November 23, @01:11PM
What, you don't delid all your chips and inspect all the logic before you power them up? Slacker.
Save Ferris!
(Score: 0, Flamebait) by Ethanol-fueled on Thursday November 23, @12:37PM (4 children)
We don't give a shit about hardware rootkits as much as we give a shit about hardware debonings. Also, NIGGERS.
(Score: 2) by The Mighty Buzzard on Thursday November 23, @01:07PM (3 children)
It's turkey day not fried chicken day. Speaking of, that stereotype annoys me. Not because racial stereotypes annoy me (They don't. I'm not a whiny bitch.) but because it's a shitty stereotype. Basically anyone who grew up poor before the price of chicken went way the hell up loves fried chicken unless their mom sucked at making fried chicken.
Save Ferris!
(Score: 2) by bradley13 on Thursday November 23, @01:20PM (2 children)
Fried chicken is a southern specialty, and my grandmother made it probably once a week. Yum.
Same for watermelon: how the heck is watermelon supposed to be a racist symbol? Does some group have green, stripy skin? Maybe those little green critters from Mars?
Whoever is trying to label things like these as racist is just part of the larger attack on southern culture. Screw 'em.
Everyone is somebody else's weirdo.
(Score: 2) by Runaway1956 on Thursday November 23, @01:31PM
It's the lizard people. Next time you go to a fried chicken place, watch the people around you. People like you and I pick, nibble, and munch all around the bone. Lizard people just inhaled the whole thing. The teeth are fake, so they can't chew. But, anything they can get past those fake teeth goes right down. Kinda like snakes, but with legs.
This broadcast is intended for mature audiences.
(Score: 2) by The Mighty Buzzard on Thursday November 23, @01:40PM
I know, right? Fucking carpetbagging, snare-drumming, yankee lawyers. Them som-bitches could fuck up a county fair.
Save Ferris!
(Score: 2) by bradley13 on Thursday November 23, @12:29PM (4 children)
Great, so this tool tells you that your system is vulnerable. Click on the link to the downloads page - expecting to find patch files and instructions - and the page says "There are currently no downloads available for Intel® Management Engine Firmware". So how the hell are you supposed to patch this? Someone please tell me that I am missing an obvious link???
The detection tool and instructions are also anything but idiot-proof. Certainly Joe Sixpack is not going to pull this off. Intel really, really needs to provide a one-click, idiot-proof program to diagnose and fix the problem. Of course, it is entirely possible that this cannot be done - is there any way to burn new firmware from a running operating system?
On the meta-level: What are the chances that the tech community can use this to pressure Intel to deliver chips with the ME disabled-by-default? Or even eliminate it altogether?
Everyone is somebody else's weirdo.
(Score: 1) by effbee on Thursday November 23, @12:36PM
The ME updates come in BIOS updates, so you'll have to hope your motherboard maker feels like releasing a patched BIOS.
(Score: 2) by Snospar on Thursday November 23, @12:46PM (2 children)
I'm assuming Intel will release a microcode firmware update for this shortly which Debian will use to update their "intel-microcode" package. Beyond that I'll have to wait for another BIOS update from Gigabyte - given that I'm still trying to sort issues (mainly related to UEFI) from the last one, I can't wait.
Why is Intel not forced to replace the faulty component they sold me? It's now got known bugs that impact its performance, stability, accuracy and security. BINGO!
First time I've gone with Intel in years, and it will be my last, back to AMD for me.
(Score: 2) by zocalo on Thursday November 23, @12:57PM
UNIX? They're not even circumcised! Savages!
(Score: 2) by The Mighty Buzzard on Thursday November 23, @01:00PM
You can bet your ass that AMD (post-AM3+) has pretty much exactly the same issues, it's just that they're not publicly known yet.
Save Ferris!
(Score: 2) by Runaway1956 on Thursday November 23, @01:36PM
I've mentioned my experience with Compaq shipping computers with pre-installed crapware and associated vulnerabilities. We're all aware that our telephone retailers (the telcos) install various kinds of malware on those devices. Now Intel thoughtfully installs vulnerabilities so that EVERYONE has backdoors on their machines. He, no one wants to be left out!
This broadcast is intended for mature audiences.