News Intel Says it Doubled Down on Fixing Security Bugs in 2019

Now the question is:
Why can't Intel release a tool which generically disables AMT and performs CPU microcode updates?
Why does it have to be the motherboard vendors' responsibility to update the CPU microcode?

Is it that hard for Intel to create a boot loader which updates CPU microcode? Or invalidates the UEFI area for AMT?
 

bit_user

Intel said that 91% of the reported bugs in 2019 were due to its investment in product assurance.
It's quite some PR spin for Intel to take credit for all of the bugs reported through their Bug Bounty program. I expect a majority of those were from researchers who would've disclosed the bugs, anyhow, but are quite willing to take any payment on offer.

Much respect to those who declined payment (although some might've been government agencies or big customers, who wouldn't be allowed to take what are effectively vendor kickbacks).

It also noted that none of the 236 vulnerabilities uncovered in 2019 were known to be used in attacks at the time of public disclosure.
Probably because these exploits are more difficult to find & utilize, leaving them as targets for governments & their contractors, who are more secretive and selective about their targets.
 

bit_user

Why can't intel release a tool which ... performs CPU microcode updates?

Why does it have to be the motherboard vendors responsibility to update the CPU microcode?
My guess is that Intel wants to allow platform vendors to qualify the microcode updates against their solution. The last thing Intel wants is to break some set of end users and be in the legal hot seat with the platform vendor. And, the way Intel's supplier agreements are probably worded, it's the latter who's ultimately liable to their customers for Intel's vulnerabilities. So, they're the ones who will have to get the patches into customers' hands.

In practical terms, Intel could do what you said, and it would be fine in the vast majority of cases. However, it doesn't take a lot of corner cases to create a very expensive legal headache.
 