Remotely exploitable firmware vulnerability in all Intel chipsets

Lloyd Kvam python at venix.com
Tue May 2 09:51:00 EDT 2017


http://mjg59.dreamwidth.org/48429.html
provides some Linux oriented info from Matthew Garrett

lspci | egrep 'MEI|HECI'
showed I have MEI

On Tue, 2017-05-02 at 07:20 -0400, Ben Scott wrote:
> This is potentially very bad for many people, as this is presumably exposed
> outside the firewall on the computer, and is OS-independent.
> 
> That means any laptop that leaves a firewalled LAN is exposed to a remote
> root exploit.
> 
> The Intel "Management Engine" (ME) runs along side the main processor.  It
> piggybacks on the network ports, and can read/write any memory or disk
> location in the system.  If an attacker can gain control of the ME, they
> can do whatever they want, outside the OS.
> 
> Reportedly some (most?) chipsets are vulnerable even if you're not using
> the ME or have it nominally disabled.  Even when not vulnerable to remote
> attack, everything is locally vulnerable.
> 
> It appears firmware fixes have to come from the motherboard vendor.
> 
> https://m.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
> 
> https://security-center.intel.com/advisory.aspx?intelid=INTE
> L-SA-00075&languageid=en-fr
> 
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
-- 
Lloyd Kvam
Venix
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug






More information about the gnhlug-discuss mailing list