Tuesday, November 21st 2017
Researchers Find Glaring Intel ME Security Flaws, Company Outs Detection Tool
Security researchers have found glaring security flaws in the Intel Management Engine, the on-chip micro SoC that, besides governing the functionality of the processor, provides on-chip management and security features. According to the researchers, these flaws render "potentially millions" of PCs and notebooks based on Intel processors vulnerable. On Monday, Intel released a Detection Tool application that lets you identify vulnerabilities in the Management Engine of your Intel-powered PC, and that suggests updates to Intel Management Engine drivers or points to BIOS updates from your PC manufacturer.
Updates to Intel ME are specific to TXE 3.0 (trusted execution engine version 3.0), which is featured on processors based on "Skylake," "Kaby Lake," and "Coffee Lake" micro-architectures, across client- and enterprise market segments, and Atom processors released in the past three years. Intel chronicled this security flaw further under Security Advisory 86, and released the SA-00086 Detection Tool.
Source: Wired
45 Comments on Researchers Find Glaring Intel ME Security Flaws, Company Outs Detection Tool
CIA or NSA: "Hey Intel, can you put this backdoor on your chips so we can exploit it for reasons and stuff?"
Intel: "No."
A 1984's Telescreen for everyone.
Systems using Intel ME Firmware versions 11.0.0 through 11.7.0, SPS Firmware version 4.0, and TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:
- 6th, 7th, and 8th generation Intel® Core™ Processor Family:
- Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Celeron® N and J series Processors
The question is open, whether some exploit in similar manner exists for older platforms.

oh well .... (actually that's also a reminder that my OS is in French while i hate it .... i need to remedy to that asap ..., that and also getting a X370 rig to go with the Win10 En i will need later .... good news .... i can sell 1 of my HDD with a clean Win10 on it alongside mobo/RAM/CPU to increase resell value .... mhhh i should put it all in my AIR540 and put it on sale ... might even put my actual PSU to make it go a little further ... upgrade time is getting real .... thanks Intel :D )
(Note) Please install the Microsoft Hot fix first, if the operating system is Windows 7.
[11.6.0.1030]
4.43 MB
2016/12/26
awwww crap .... well at last it's not on Gigabyte support for my GA-Z170X-Gaming 7
And good luck waiting for manufacturers providing this fix for older 6th gen processors. Especially on lower end boards.
Technically it's possible to cobble together your own version by integrating the latest ME Firmware to your BIOS and then flashing it (link above) but it's fairly technical and if you mess it up you could brick your board.
Even new systems are affected:
This is actually a pretty serious issue, IMHO. Expect nearly anything released by Intel in the last 5-8 years to need a BIOS update.
And yes, the ME can be updated separately from the BIOS itself. Some boards even offer the ability to update either part on its own, while some boards only update both, and some do it separately, but never tell you...
Pro version at least buddy.