SoylentNews
SoylentNews is people
https://soylentnews.org/

takyon writes:

It's time to update your Management Engine:

Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug. Most of the vulnerabilities require physical access to the targeted device, but one allows remote attacks with administrative access.

The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel's security team stated that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience."

Intel® Management Engine Critical Firmware Update (Intel SA-00086)

realDonaldTrump writes:

U.S. government warns about cyber bug in Intel chips

The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as 'Management Engine' that shipped with eight types of processors used in business computers sold by Dell Technologies, Lenovo, HP Inc, Hewlett Packard Enterprise and other manufacturers."

Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.

"These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years," said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

The official warning is here. Good luck to everybody! Good luck.

Also at Reuters and the EFF.

Original Submission #1   Original Submission #2

1. "takyon" - https://soylentnews.org/~takyon/
2. "time to update your Management Engine" - https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
3. "issued a security alert" - https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
4. "detection tool on its support website" - https://downloadcenter.intel.com/download/27150
5. "Intel® Management Engine Critical Firmware Update (Intel SA-00086)" - https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
6. "realDonaldTrump" - https://soylentnews.org/~realDonaldTrump/
7. "U.S. government warns about cyber bug in Intel chips" - http://www.foxbusiness.com/markets/2017/11/21/u-s-government-warns-about-cyber-bug-in-intel-chips.html
8. "here" - https://www.us-cert.gov/ncas/current-activity/2017/11/21/Intel-Firmware-Vulnerability
9. "Reuters" - https://www.reuters.com/article/us-intel-cyber-vulnerability/u-s-government-warns-businesses-about-cyber-bug-in-intel-chips-idUSKBN1DM01R
10. "EFF" - https://www.eff.org/deeplinks/2017/05/intels-management-engine-security-hazard-and-users-need-way-disable-it
11. "Original Submission #1" - https://soylentnews.org/submit.pl?op=viewsub&subid=23456
12. "Original Submission #2" - https://soylentnews.org/submit.pl?op=viewsub&subid=23452

printed from SoylentNews, Intel Management Engine Critical Firmware Update on 2024-04-19 12:05:03