The Management Engine is an independent subsystem that lives in a separate microprocessor on Intel chipsets; it exists to allow administrators to control devices remotely for all types of functions, from applying updates to troubleshooting. And since it has extensive access to and control over the main system processors, flaws in the ME give attackers a powerful jumping-off point.
Intel specifically undertook what spokesperson Agnes Kwan called a “proactive, extensive, rigorous evaluation of the product,” in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov from the vulnerability assessment firm Positive Technologies will present at Black Hat Europe next month. Their work shows an exploit that can run unsigned, unverified code on newer Intel chipsets, gaining more and more control using the ME as an unchecked launch point. The researchers also play with a sinister property of the ME: It can run even when a computer is “off” (just so long as the device is plugged in), because it is on a separate microprocessor, and essentially acts as a totally separate computer.
from https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/
Fix it
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
---------- NOT AFFECTED ----------
1 Desktop processors
- 1.1 Nehalem microarchitecture (1st generation)
- 1.2 Westmere microarchitecture (1st generation)
- 1.3 Sandy Bridge microarchitecture (2nd generation)
- 1.4 Ivy Bridge microarchitecture (3rd generation)
- 1.5 Haswell microarchitecture (4th generation), released in 2013-14
- 1.6 Broadwell microarchitecture (5th generation), released in 2015
  - 1.6.1 "Broadwell-H" (quad-core, 14 nm)
  - 1.6.2 "Broadwell-E" (14 nm)
---------- AFFECTED ----------
- 1.7 Skylake microarchitecture (6th generation), released in 2015
- 1.8 Kaby Lake microarchitecture (7th generation)
- 1.9 Coffee Lake microarchitecture (8th generation)
  - 1.9.1 "Coffee Lake-S" (14 nm)
from https://en.wikipedia.org/wiki/List_of_Intel_Core_i7_microprocessors