The issue with Intel's processors is widespread and a fix will not be available for some time yet. The flaws in their security features are present in 6-8th gen Core chips, as well as a variety of Xeons, Celerons and Apollo Lake CPUs which accounts for a wide variety of systems, from gaming machines to NAS devices. All suffer from the vulnerability which allows compromised code to run a system invisibly, as it will be executed below the OS on the actual chip. From what The Register gleaned from various manufacturers, only Dell will release a patch before 2018 and even that will only offer a solution for a very limited number of machines. The end of 2017 is going to be a little too interesting for many sysadmins.
"As Intel admitted on Monday, multiple flaws in its Management Engine, Server Platform Services, and Trusted Execution Engine make it possible to run code that operating systems – and therefore sysadmins and users – just can't see."
Here is some more Tech News from around the web:
- Samba needs two patches, unless you're happy for SMB servers to dance for evildoers @ The Register
- Mobile DRAM prices soar @ Electronics Weekly
- Galaxy S9 price, release date and specs: Leaked render confirms vertical dual cameras, rear fingerprint sensor @ The Inquirer
- The Best CPU & GPU Purchases of 2017 @ Techspot
- A Third of Americans Still Buy and Rent Videos @ Slashdot
- Black Friday: The Google Updates guide to free apps and sale prices @ The Inquirer
- Dealmaster: All the Black Friday tech deals we can find @ Ars Technica
Good thing i have the 5775-C
Good thing i have the 5775-C
You do? Wow, I thought I was
You do? Wow, I thought I was the only one who bought that CPU.
It’s this and the Fact That
It’s this and the Fact That UEFI is also an OS of sorts in itself that runs below OS ring 0 and that’s even more problems of a SuperFish level.
Yes the Unified Extensible Firmware Interface(UEFI) is Extensible and pleny of good as well and nasty things can happen there if the devices’ OEMs see extra $$$ in doing so! As well as the Security Risks of so much unvetted/unvalidated for security risks extending of that UEFI’s Extensible framework by OEMs.
With all these hardware/firmware/ME weak links happening at levels even below the Type-1 Bare metal Hypervisor Level on the lower Rings of hardware/firmware/Intel Management Engine levels. It’s all below 0, in these mad below 0-day pawnage levels of XMAS joy!
.
.
.
Oh Tannenbaum! Oh Tannenbaum!
Your OS’s Pawnage frightens us!
It Runs below Ring Zero in ways that don’t adhere to!
Best standards of security!
Your OS has been included in so much nefarious doings!
By three letter agency miscreants!
And crooked online princes!
Oh Tannenbaum! Oh Tannenbaum!
Your OS’s Pawnage spites us!
You seem to know big words,
You seem to know big words, but not how to put them together in a coherent manner.
Probably the best way to
Probably the best way to patch up and get rid of these easily exploited technologies is to show proof of concept using them to disable/circumvent DRM and other forms of copy protection.
Nobody cares about consumer privacy or security because the penalty for failing there is practically nothing, but circumventing copy protection/DRM on the other hand could easily bring a few actually expensive lawsuits down that even a giant like Intel would be hard pressed to write off as the cost of doing business.
A good source for Intel ME
A good source for Intel ME update info is:
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
Contrary to what this pcper.com article seems to imply, it is possible for end users to update to the latest Intel ME firmware, even if the board manufacturer is being laggard in that regard.
Side note: a company called Purism offers laptops that have the Intel ME firmware disabled:
https://puri.sm/products/
I thought some folks were
I thought some folks were working on getting their computers working with that shit turned off, or at least running in a limited mode where it just does what most people think it does, manage the chipset functions. They were slowly chipping away at the code to this omnipresent beast and I remember reading that their only hang-up was the trial and error being costly as the FPGA or whatever the shit’s printed on physically blows fuses when you try to flip bits and reprogram it. Bum.. bum bum, bum bum. Shit inside! And on top of that it turns the computer off after 30 minutes if it knows you’ve disabled it. Some will blame the NSA or CIA for making Shitel put the backdoor there in the first place. People without tinfoil in their wardrobes hope it started with good intentions and was just poorly executed. No one can deny that it is going to be a MAJOR problem for EVERYONE if some rooskie gets in to it and learns the exploits.
Consumers need to be given
Consumers need to be given the ability to shut down the IME entirely.
Yes people can do bios
Yes people can do bios updates without the manufacturer giving the green light, but when it comes to system critical installations and server farms, no sysadmin is going to take the chance and put his job on the line for it.
This is a serious problem for Intel and time will tell how serious. I for one will be very wary of Intel products for now.
To update an OS security patch is not a difficult task, but to update motherboard bioses can be quite a hassle. Just think if you have to update rows and rows of servers’ motherboards, your cloud servers won’t be of line just for a few minutes. Then there is always the chance that the flash might not work right or brick a motherboard. Although proper flashing should not be a problem, there is always Murphy’s law…
Asus Z170a boards already
Asus Z170a boards already have a patch available.