Intel's Management Engine vulnerability

joxer

The Smoker
Original Sin Donor
Original Sin 2 Donor
Joined
April 12, 2009
Messages
23,459
https://wccftech.com/pc-makers-intel-me-disabled/

Intel has long been at the center of a controversy surrounding its Management Engine. The company recently issued a security advisory admitting that it has discovered several security vulnerabilities in its in-chip program. While the company also released firmware updates that purportedly fix those issues, some of the hardware vendors have started to offer computers with disabled ME.

You may check if your system is vulnerable easily as Intel made a tool (linux and windows):
https://downloadcenter.intel.com/download/27150

If you're in clear, you'll see something like this (GUI version):

pic.jpg


If it says your rig is vulnerable, tough luck - you'll have to wait for a firmware that disables ME. But at least you'll be aware of a "ticking bomb". ;)
 
Joined
Apr 12, 2009
Messages
23,459
I'm confused. Who is vulnerable ? This tool claims my i2500K is not vulnerable.

anyway i always thought this intel tool was a stupid idea prime for future shit.
 
Joined
Oct 20, 2006
Messages
7,758
Location
usa - no longer boston
Don't ask me. I ran Intel's tool to check my junk, when it said I'm safe I just couldn't bother to read any details. ;)

But anyway:
https://wccftech.com/intel-chip-flaws-security-risk/
Intel hasn’t disclosed the details of these vulnerabilities considering their high severity. Intel said that systems*using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.

Affected products include:

6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel®*Xeon®*Processor W*Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™*N and J series Processors

Your i5-2500K is 2nd gen.
My i5-4670K is 4th gen.
But I know people here bought some recent i7s... Or even i9s... :evilgrin:
 
Joined
Apr 12, 2009
Messages
23,459
I have a couple of old Core Duo machines. I will have to check and see.
 
Joined
May 2, 2017
Messages
252
If you can, I'd recommend crippling the ME altogether, from a security point of view. It's absolutely crazy - a blackbox mini OS always running in the background, with full access to all resources, and no way to know what it's doing. You could have the most secure OS ever devised, and the ME could still compromise you.
 
Joined
Nov 8, 2014
Messages
12,085
use the utility at Intel to determine if you are vulnerable

Then if you are, you will need to flash your BIOS from an update at your manufacturers website - that's if you haven't built your own machine.

DELL doesn't list any Inspiron even Intel said it was vulnerable. My buddy at Intel told me to use a generic one from Dell that targets my version.
 
Joined
Oct 19, 2006
Messages
5,212
Location
The Uncanny Valley
Still weird I have a haswell refresh but that is 5th generation. So just the recent shit skylake+. Anyway… thanks.

the other vulnerability that worries me are the motherboards that allow remote flashing.

Don't ask me. I ran Intel's tool to check my junk, when it said I'm safe I just couldn't bother to read any details. ;)

But anyway:
https://wccftech.com/intel-chip-flaws-security-risk/


Your i5-2500K is 2nd gen.
My i5-4670K is 4th gen.
But I know people here bought some recent i7s… Or even i9s… :evilgrin:
 
Joined
Oct 20, 2006
Messages
7,758
Location
usa - no longer boston
The ME made me seriously worried. I might not even get an Intel PC at this point (I'm still negotiating the specs of my new PC).
Right now I'm more inclined to return to an AMD-based PC now.
 
Joined
Nov 5, 2006
Messages
21,909
Location
Old Europe
The ME made me seriously worried. I might not even get an Intel PC at this point (I'm still negotiating the specs of my new PC).
Right now I'm more inclined to return to an AMD-based PC now.

Bear in mind that AMD have their equivalent of Intel's ME. I don't know they have any published vulnerabilities, but it's more or less the same kind of silly system. Pretty much all modern PCs have these supervisor chips, and at least some of the Intel ones can be disabled.
 
Joined
Nov 8, 2014
Messages
12,085
Oops, mine says it's vulnerable, but I'm not sure what I'm supposed to download. According to the scan I have a MSI board, model MS-7A72. I couldn't find anything on that at MSI's site.
 
Joined
Oct 18, 2006
Messages
8,821
I forgot about this. Not sure I will update my Core Duo machines because I'm too lazy.
 
Joined
May 2, 2017
Messages
252
Bear in mind that AMD have their equivalent of Intel's ME. I don't know they have any published vulnerabilities, but it's more or less the same kind of silly system. Pretty much all modern PCs have these supervisor chips, and at least some of the Intel ones can be disabled.

Yes, but to me it sounded as if ME was a whole sub-system …
 
Joined
Nov 5, 2006
Messages
21,909
Location
Old Europe
Back
Top Bottom