Thursday, November 23, 2017

New Intel CPU Hack, turns your switched off Computer into a Zombie

The Management Engine is an independent subsystem that lives in a separate microprocessor on Intel chipsets; it exists to allow administrators to control devices remotely for all types of functions, from applying updates to troubleshooting. And since it has extensive access to and control over the main system processors, flaws in the ME give attackers a powerful jumping-off point.

Intel specifically undertook what spokesperson Agnes Kwan called a “proactive, extensive, rigorous evaluation of the product,” in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov from the vulnerability assessment firm Positive Technologies will present at Black Hat Europe next month. Their work shows an exploit that can run unsigned, unverified code on newer Intel chipsets, gaining more and more control using the ME as an unchecked launch point. The researchers also play with a sinister property of the ME: It can run even when a computer is “off” (just so long as the device is plugged in), because it is on a separate microprocessor, and essentially acts as a totally separate computer.

from https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

----------NOT AFFECTED -----------------------------
1Desktop processors

from https://en.wikipedia.org/wiki/List_of_Intel_Core_i7_microprocessors

Fix it
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

No comments:

Post a Comment