Good info here: https://mjg59.dreamwidth.org/48429.html



On Wed, May 3, 2017 at 12:48 PM, Andrew S. Baker <[email protected]> wrote:

> This is HUGE.
>
> And, no doubt, this is being actively exploited and has been for some time.
>
> Regards,
>
>  *ASB*
>  *http://XeeMe.com/AndrewBaker <http://xeeme.com/AndrewBaker>*
>
>  *Providing Expert Technology Consulting Services for the SMB market…*
>
> * GPG: *860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>
>
>
> On Tue, May 2, 2017 at 12:08 AM, Kurt Buff <[email protected]> wrote:
>
>> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>>  First a little bit of background. SemiAccurate has known about this
>>  vulnerability for literally years now, it came up in research we were
>>  doing on hardware backdoors over five years ago. What we found was scary on a
>>  level that literally kept us up at night. For obvious reasons we couldn’t
>>  publish what we found out but we took every opportunity to beg anyone who
>>  could even tangentially influence the right people to do something about
>>  this security problem. SemiAccurate explained the problem to literally
>>  dozens of “right people” to seemingly no avail. We also strongly hinted
>>  that it existed at every chance we had.
>> ...
>>  The problem is quite simple, the ME controls the network ports and has
>>  DMA access to the system. It can arbitrarily read and write to any memory
>>  or storage on the system, can bypass disk encryption once it is unlocked
>>  (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify
>>  this capability yet), read and write to the screen, and do all of this
>>  completely unlogged. Due to the network access abilities, it can also
>>  send whatever it finds out to wherever it wants, encrypted or not.
>> ...
>>  The short version is that every Intel platform with AMT, ISM, and
>>  SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
>>  exploitable security hole in the ME (Management Engine) not CPU
>>  firmware. If this isn’t scary enough news, even if your machine
>>  doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
>>  just not over the network. For the moment. From what SemiAccurate
>>  gathers, there is literally no Intel box made in the last 9+ years
>>  that isn’t at risk. This is somewhere between nightmarish and
>>  apocalyptic.
>>
>> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
>>
>> You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors
>>
>> Intel's mitigation guide:
>> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
>>
>> According to Intel:
>>
>>  There is an escalation of privilege vulnerability in Intel® Active
>>  Management Technology (AMT), Intel® Standard Manageability (ISM),
>>  and Intel® Small Business Technology versions firmware versions
>>  6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
>>  unprivileged attacker to gain control of the manageability features
>>  provided by these products.  This vulnerability does not exist on
>>  Intel-based consumer PCs.
>>
>>
>>
>
