Remotely exploitable firmware vulnerability in all Intel chipsets
Lloyd Kvam
python at venix.com
Tue May 2 09:51:00 EDT 2017
http://mjg59.dreamwidth.org/48429.html
provides some Linux oriented info from Matthew Garrett
lspci | egrep 'MEI|HECI'
showed I have MEI
On Tue, 2017-05-02 at 07:20 -0400, Ben Scott wrote:
> This is potentially very bad for many people, as this is presumably exposed
> outside the firewall on the computer, and is OS-independent.
>
> That means any laptop that leaves a firewalled LAN is exposed to a remote
> root exploit.
>
> The Intel "Management Engine" (ME) runs along side the main processor. It
> piggybacks on the network ports, and can read/write any memory or disk
> location in the system. If an attacker can gain control of the ME, they
> can do whatever they want, outside the OS.
>
> Reportedly some (most?) chipsets are vulnerable even if you're not using
> the ME or have it nominally disabled. Even when not vulnerable to remote
> attack, everything is locally vulnerable.
>
> It appears firmware fixes have to come from the motherboard vendor.
>
> https://m.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
>
> https://security-center.intel.com/advisory.aspx?intelid=INTE
> L-SA-00075&languageid=en-fr
>
> -- Ben
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
--
Lloyd Kvam
Venix
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug
More information about the gnhlug-discuss
mailing list