Good info. Thanks.
On Wed, May 3, 2017 at 11:53 AM, Richard Stovall <[email protected]> wrote:
> Good info here: https://mjg59.dreamwidth.org/48429.html
>
>
>
> On Wed, May 3, 2017 at 12:48 PM, Andrew S. Baker <[email protected]> wrote:
>>
>> This is HUGE.
>>
>> And, no doubt, this is being actively exploited and has been for some time.
>>
>> Regards,
>>
>> ASB
>> http://XeeMe.com/AndrewBaker
>>
>> Providing Expert Technology Consulting Services for the SMB market…
>>
>> GPG: 860D 40A1 4DA5 3AE1 B052 8F9F 07A1 F9D6 A549 8842
>>
>>
>>
>> On Tue, May 2, 2017 at 12:08 AM, Kurt Buff <[email protected]> wrote:
>>>
>>>
>>> https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
>>> First a little bit of background. SemiAccurate has known about this
>>> vulnerability for literally years now, it came up in research we were
>>> doing on hardware backdoors over five years ago. What we found was scary
>>> on a level that literally kept us up at night. For obvious reasons we
>>> couldn’t publish what we found out but we took every opportunity to beg
>>> anyone who could even tangentially influence the right people to do
>>> something about this security problem. SemiAccurate explained the problem
>>> to literally dozens of “right people” to seemingly no avail. We also
>>> strongly hinted that it existed at every chance we had.
>>> ...
>>> The problem is quite simple, the ME controls the network ports and has
>>> DMA access to the system. It can arbitrarily read and write to any
>>> memory or storage on the system, can bypass disk encryption once it is
>>> unlocked (and possibly if it has not, SemiAccurate hasn’t been able to
>>> 100% verify this capability yet), read and write to the screen, and do
>>> all of this completely unlogged. Due to the network access abilities, it
>>> can also send whatever it finds out to wherever it wants, encrypted or
>>> not.
>>> ...
>>> The short version is that every Intel platform with AMT, ISM, and
>>> SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely
>>> exploitable security hole in the ME (Management Engine) not CPU
>>> firmware. If this isn’t scary enough news, even if your machine
>>> doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable,
>>> just not over the network. For the moment. From what SemiAccurate
>>> gathers, there is literally no Intel box made in the last 9+ years
>>> that isn’t at risk. This is somewhere between nightmarish and
>>> apocalyptic.
>>>
>>>
>>> https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
>>>
>>> You can check your CPUs for vPro etc at
>>> https://ark.intel.com/#@Processors
>>>
>>> Intel's mitigation guide:
>>>
>>> https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075%20Mitigation%20Guide%20-%20Rev%201.1.pdf
>>>
>>> According to Intel:
>>>
>>> There is an escalation of privilege vulnerability in Intel® Active
>>> Management Technology (AMT), Intel® Standard Manageability (ISM),
>>> and Intel® Small Business Technology versions firmware versions
>>> 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an
>>> unprivileged attacker to gain control of the manageability features
>>> provided by these products. This vulnerability does not exist on
>>> Intel-based consumer PCs.
>>>
>>>
>>
>