Remotely exploitable firmware vulnerability in all Intel chipsets
Ben Scott
dragonhawk at gmail.com
Tue May 2 07:20:15 EDT 2017
This is potentially very bad for many people, as this is presumably exposed
outside the firewall on the computer, and is OS-independent.
That means any laptop that leaves a firewalled LAN is exposed to a remote
root exploit.
The Intel "Management Engine" (ME) runs along side the main processor. It
piggybacks on the network ports, and can read/write any memory or disk
location in the system. If an attacker can gain control of the ME, they
can do whatever they want, outside the OS.
Reportedly some (most?) chipsets are vulnerable even if you're not using
the ME or have it nominally disabled. Even when not vulnerable to remote
attack, everything is locally vulnerable.
It appears firmware fixes have to come from the motherboard vendor.
https://m.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
https://security-center.intel.com/advisory.aspx?intelid=INTE
L-SA-00075&languageid=en-fr
-- Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.gnhlug.org/pipermail/gnhlug-discuss/attachments/20170502/0be35e93/attachment.html
More information about the gnhlug-discuss
mailing list