SoylentNews is people
SoylentNews
Not that anyone is surprised or even cares but two more severe bugs have been found in the Intel Management Engine firmware. They allow remote execution with full privileges:
https://nvd.nist.gov/vuln/detail/CVE-2018-3627
https://nvd.nist.gov/vuln/detail/CVE-2018-3628
An article about these vulnerabilities on Tech Republic provides summaries and lists the affected processors.
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
To stand and be still,
At the Birkenhead drill,
Is a damned tough bullet to chew.
-- Rudyard Kipling
(Score: 4, Insightful) by requerdanos on Tuesday July 31 2018, @07:50PM
I wouldn't say no one's read the details; merely that no one's posted about them here, and no wonder. For BOTH of those links, the official Intel "Summary" reads as follows:
For convenience, I have highlighted the parts that are either empty buzzwords or outright lies in italic text that the reader may more easily identify threats to their personal and/or organizational security (i.e., all of them).
Because "continuously enhanced firmware resilience" of Intel's full-privilege rootkit on your computer means simply that they want to hold their own hands more firmly to your throat, as opposed to someone else's, the details that follow that are interesting, sure, but aren't the bigger story. As such, those security details might be less closely followed than the overarching privacy story.