Author Topic: Massive vulnerability in Intel CPUs with the IME (Read 5262 times)

Metario · May 02, 2017, 11:43:35 AM

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
Uh oh.
Your CPU is only vulnerable if the AMT/IME has provisioned, so this is an exploit that servers will most likely be affected by/big corporate enterprises with laptops deployed, etc. Nevertheless, Intel BTFO

Ad Bot · Advertisement

TableSalt · May 02, 2017, 11:47:58 AM

~~dude, nice~~
on a scale of 1 to 12 how massive is this

Insert Name Here² · May 02, 2017, 11:50:22 AM

Amd rejoices

Metario · May 02, 2017, 11:50:59 AM

Quote from: TableSalt on May 02, 2017, 11:47:58 AM

~~dude, nice~~
on a scale of 1 to 12 how massive is this

12
If an attacker gains access to a network they can take over servers, and have full control

Metario · May 02, 2017, 11:54:22 AM

If you have a Intel CPU, check if it has vPro on the sticker. If it does, update your IME firmware as quick as possible.

Ipquarx · May 02, 2017, 12:18:50 PM

This is somewhere between disastrous and apocalyptic... EVERY SINGLE INTEL CHIP IN THE PAST 9 YEARS. IS VULNERABLE. This is the holy grail of exploits, and I guarantee you this is being exploited out in the wild right now. Update your firmware ASAP.

Headcrab Zombie · May 02, 2017, 03:24:04 PM

Quote from: Ipquarx on May 02, 2017, 12:18:50 PM

EVERY SINGLE INTEL CHIP IN THE PAST 9 YEARS. IS VULNERABLE.

Quote

This vulnerability does not exist on Intel-based consumer PCs.

Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad

Edit:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability

Quote

Intel reckons the vulnerability affects business and server boxes, because they tend to have vPro and AMT present and enabled, and not systems aimed at ordinary folks, which typically don't.

RedGajin · May 02, 2017, 03:45:34 PM

Quote from: Headcrab Zombie on May 02, 2017, 03:24:04 PM

Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad

Edit:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability

yeah even if youre pc has amt on the device, its usually disabled by default
so this wont really effect anyone besides business, still a good idea to double check tho

Frankie² · May 02, 2017, 03:48:07 PM

the nsa is gonna have a forgetin aneurysm

crazies alt · May 02, 2017, 03:50:13 PM

my pc doesnt have intel, i dont think?
yea no it doesnt. im safe

Metario · May 02, 2017, 04:04:56 PM

Quote from: Headcrab Zombie on May 02, 2017, 03:24:04 PM

Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad

Edit:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability

Not forgetting that nearly every server on this planet is vulnerable, yes

Willco2 · May 02, 2017, 04:26:34 PM

I thought both AMD and Intel chips were vulnerable to an exploit at one point... Can't remember what it was, but it was back in like January that I read an article on it and iirc it said something a long the lines of an intentional backdoor that was taken advantage of by the NSA or something?
Anyways on topic, this gave me a slight heart attack seeing as I only have Intel chips in my PCs right now. Luckily, only 2 of those devices are ones with vPro (tech?) in them, and they aren't mine, their from my dad's work.

Ipquarx · May 02, 2017, 04:43:08 PM

Quote from: Headcrab Zombie on May 02, 2017, 03:24:04 PM

Considering probably 99% of the users on this forum are only using consumer equipment, I think we're overstating the situation just a tad

This is the website that actually found the vulnerability: http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

"If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic."

McJob · May 02, 2017, 04:44:35 PM

Quote from: Willco2 on May 02, 2017, 04:26:34 PM

I thought both AMD and Intel chips were vulnerable to an exploit at one point...

OP is apparently too thick to understand that there are plenty of vulnerabilities in CPUs and GPUs.

https://security-center.intel.com/advisories.aspx

These things get patched all the time. Who cares how long it existed for, especially if it's only now that it's been publicised and there was no Zero-Day attack to show that anybody could be bothered to use this method.

I can't wait to see how he spins this into a Microsoft drama. Maybe next he'll pick on NVIDIA to go for the full trifecta. Is this a ploy to make us all purchase AMD hardware with Linux?

Metario · May 02, 2017, 05:15:04 PM

Quote from: McJob on May 02, 2017, 04:44:35 PM

OP is apparently too thick to understand that there are plenty of vulnerabilities in CPUs and GPUs.

https://security-center.intel.com/advisories.aspx

These things get patched all the time. Who cares how long it existed for, especially if it's only now that it's been publicised and there was no Zero-Day attack to show that anybody could be bothered to use this method.

I can't wait to see how he spins this into a Microsoft drama. Maybe next he'll pick on NVIDIA to go for the full trifecta. Is this a ploy to make us all purchase AMD hardware with Linux?

Yeah, let's just forget that this is in the Management Engine of the CPU, and allows you to own somebodys system, even when it's off (but still plugged in). Let's just forget all of that, and have a nice chuckle about this. https://www.slideshare.net/codeblue_jp/igor-skochinsky-enpub for all of the wonderful features of the ME.