This is HUGE. And, no doubt, this is being actively exploited and has been for some time.

Regards,

*ASB*
*http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
*Providing Expert Technology Consulting Services for the SMB market…*

*GPG:* 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842

On Tue, May 2, 2017 at 12:08 AM, Kurt Buff <[email protected]> wrote:

> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>
> First a little bit of background. SemiAccurate has known about this
> vulnerability for literally years now, it came up in research we were
> doing on hardware backdoors over five years ago. What we found was
> scary on a level that literally kept us up at night. For obvious
> reasons we couldn’t publish what we found out but we took every
> opportunity to beg anyone who could even tangentially influence the
> right people to do something about this security problem. SemiAccurate
> explained the problem to literally dozens of “right people” to
> seemingly no avail. We also strongly hinted that it existed at every
> chance we had.
> ...
> The problem is quite simple, the ME controls the network ports and has
> DMA access to the system. It can arbitrarily read and write to any
> memory or storage on the system, can bypass disk encryption once it is
> unlocked (and possibly if it has not, SemiAccurate hasn’t been able to
> 100% verify this capability yet), read and write to the screen, and do
> all of this completely unlogged. Due to the network access abilities,
> it can also send whatever it finds out to wherever it wants, encrypted
> or not.
> ...
> The short version is that every Intel platform with AMT, ISM, and
> SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
> exploitable security hole in the ME (Management Engine) not CPU
> firmware. If this isn’t scary enough news, even if your machine
> doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
> just not over the network. For the moment. From what SemiAccurate
> gathers, there is literally no Intel box made in the last 9+ years
> that isn’t at risk. This is somewhere between nightmarish and
> apocalyptic.
>
> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
>
> You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
>
> Intel's mitigation guide:
> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
>
> According to Intel:
>
> There is an escalation of privilege vulnerability in Intel® Active
> Management Technology (AMT), Intel® Standard Manageability (ISM),
> and Intel® Small Business Technology versions firmware versions
> 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
> unprivileged attacker to gain control of the manageability features
> provided by these products. This vulnerability does not exist on
> Intel-based consumer PCs.

