Collaborate Disseminate
Intel released eight patches for vulnerabilities in remote management software and firmware that could allow local adversaries to elevate privileges, run arbitrary code, crash systems and eavesdrop on communications. Continue reading Intel Patches CPU Bugs Impacting Millions of PCs, Servers
Intel patched ten vulnerabilities across a dozen generations of CPUs, with many of the vulnerabilities being severe and impacting millions of devices. The flaws would let hackers run code on targeted systems using vulnerabilities, which include multiple buffer overflows in the operating system kernel for the Intel Management Engine (ME) firmware. Lenovo, whose website calls it a high severity vulnerability with an industry-wide scope, has a striking description of the issue: “An attacker could load and execute arbitrary code outside the visibility of the user, operating system, and hypervisor/virtualization platform; resulting in exfiltration of secrets, subtle manipulation of system operation or denial of service.” Intel’s ME has long been criticized by security experts as a secret second internet-connected computer running inside your own machine without your knowledge or consent. That’s a potentially giant problem from a number of angles, not least of which is the fact that a user can’t turn […]
The post Intel patches flaw that leaves millions of computers vulnerable to hidden attacks appeared first on Cyberscoop.
Continue reading Intel patches flaw that leaves millions of computers vulnerable to hidden attacks
This is not your normal Sunday links post. This is Superconference Sunday, and right now there are dozens of awesome projects floating around our conference in Pasadena. This links post will be mostly the projects from Supercon, but before that there’s some stuff we need to clear out of the queue:
Concerning other conferences, the Sparklecon site is up. Why go to Sparklecon? It’s a blast.
Tindie is worldwide! There were a bunch of Tindie sellers at the Maker Faire Adelaide this weekend. YouTuber MickMake is a friend of Tindie and we’re teaming up to give away a few …read more
Intel finally patches the critical AMT bug discovered in March by security researcher Maksim Malyutin at Embedi, I say ‘kinda’ because it’s not really up to Intel to deploy the fix to the problem. They can’t really push out updates to CPUs, but at least they have fixed it in the firmware and now the […]
The post Intel Finally Patches…
Read the full post at darknet.org.uk
Continue reading Intel Finally Patches Critical AMT Bug (Kinda)
Updated: Since the below-reported vulnerability is highly critical and it would take a few weeks for sysadmins to protect their enterprise network, the research team has not yet disclosed the technical details of the vulnerability.
Meanwhile, I have t… Continue reading PCs with Intel Server Chipsets, Launched Since 2010, Can be Hacked Remotely
Betteridge’s Law of Headlines states, “Any headline that ends in a question mark can be answered by the word no.” This law remains unassailable. However, recent claims have called into question a black box hidden deep inside every Intel chipset produced in the last decade.
Yesterday, on the Semiaccurate blog, [Charlie Demerjian] announced a remote exploit for the Intel Management Engine (ME). This exploit covers every Intel platform with Active Management Technology (AMT) shipped since 2008. This is a small percentage of all systems running Intel chipsets, and even then the remote exploit will only work if AMT is enabled. …read more
Intel warns business PC customers of a critical vulnerability found in its Active Management Technology that allows for escalation of privilege attacks. Continue reading Intel Patches Nine-Year-Old Critical CPU Vulnerability
Five or so years ago, Intel rolled out something horrible. Intel’s Management Engine (ME) is a completely separate computing environment running on Intel chipsets that has access to everything. The ME has network access, access to the host operating system, memory, and cryptography engine. The ME can be used remotely even if the PC is powered off. If that sounds scary, it gets even worse: no one knows what the ME is doing, and we can’t even look at the code. When — not ‘if’ — the ME is finally cracked open, every computer running on a recent Intel chip …read more
So it seems the latest generation of Intel x86 CPUs have implemented a Intel hidden management engine that cannot be audited or examined. We can also assume at some point it will be compromised and security researchers are labelling this as a Ring -3 level vulnerability. This isn’t a new issue though, people have been […]
The post Intel…
Read the full post at darknet.org.uk
Continue reading Intel Hidden Management Engine – x86 Security Risk?
