Intel Acknowledges ME Flaws, Announces Fixes

[Lucian Armasu]

After researchers found a way to completely takeover a PC by exploiting Intel's Management Engine via a USB attack, Intel started reviewing its ME firmware. The company found multiple vulnerabilities that could be exploited by attackers.

Intel Acknowledges ME Flaws, Announces Fixes : Read more

 

[fball922]

This article seems to be missing random words and is confusing to read.

 

[shrapnel_indie]

The closed source proprietary model of the firmware also denies most people—except the NSA—the ability to see what it does on a computer, which means it might come with security flaws that could be exploited by sophisticated attackers.

they think they should still be able to use the undocumented mode that the NSA has also been using to continue to disable the ME in their laptops, as the recent vulnerabilities announced by Intel don't seem to relate to it.

IOW: the alphabet soups still have their unmonitored back-door(s) in place so they can exploit it whenever they wish. Hopefully only under a valid warrant, but somehow I don't think that will stop 'em. If they're there (the access points, undocumented or not) SOMEONE will take advantage of it, not just guv snoops either. -- Shame on you Intel!

 

[Glock24]

I imagine there are other flaws affecting pervious products too, but they are too old for Intel to invest any effort to patch.

But then, those "flaws" may actually be features requested by the NSA.

 

[TripleHeinz]

I executed the tool in a machine with a 4th gen core processor and this is the output just in case you were wondering what happens if you do:

Risk Assessment
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
Scan date: 21-11-2017 16:05:21

Host Computer Information
Name: TRIPLEHEINZ
Manufacturer: Gigabyte Technology Co., Ltd.
Model: B85N-WIFI
Processor Name: Intel(R) Core(TM) i3-4330 CPU @ 3.50GHz
OS Version: Microsoft Windows 10 Pro

Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 9.0.30.1482
SVN: 1

Copyright(C) 2017, Intel Corporation, All rights reserved.

 

[derekullo]

At first I thought they were acknowledging Windows Millenium's flaws ....

All was forgiven with Windows Xp lol

 

[hahmed330]

Fixed it at least on My computer using the patch provided by Asus using this utility.

 

[hellraiser06]

And, TH still embeds videos that autoplay. You know guys, it becomes really awkward at work when everybody is suddenly looking at you just because you forgot to mute your browser. Just sayin

 

[geekguy]

So basically it's not a backdoor if the "right" guy is using it, if I understood correctly.
"... worried that ME could be used as a backdoor.
The closed source proprietary model of the firmware also denies most people—except the NSA..."
Moral of the story, buy Intel, you will be safe, you need to be safe! At least that's how the saying goes...

 

[Mpablo87]

Full takeover of ME via USB!!
Positive Technologies sounds great

 

[rwinches]

The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chips.

https://finance.yahoo.com/news/intel-apos-latest-core-processors-142100896.html

 

[grumpigeek]

Wow!
Intel are desperately trying to cover up this secret ME backdoor used by the NSA for warrantless spying on all Americans. I bet the Russians, Chinese and other malware authors are also using it.