Tech

PC vendors scramble as Intel announces vulnerability in firmware

PC vendors scramble as Intel announces vulnerability in firmware

At the heart of the critical flaw is Intel's Management Engine. The ME is an Intel feature intended for administrative use that runs at a more foundational level than operating systems.

But for years, security specialists have identified a conveyor belt of exploitable security flaws. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. The researchers said they found a vulnerability in a subsystem of Intel ME versions 11 and higher.

The company says it has reviewed and updated its Management Engine (versions 11.0 to 11.20), Server Platform Services (SPS) version 4.0, and Trusted Execution Engine version 3.0 in order to improve "firmware resilience". Fixes vary from system to system and will be provided by system manufacturers - users of Dell systems will obtain patches from Dell, and so on, meaning that different brands will be patchable at different times.

"Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals", the Black Hat Europe abstract stated.

More news: Cytokinetics' Stock Sinks on Abandoning ALS Drug After Failed Trial

The Intel ME is a complete OS running on dedicated hardware in Intel systems.

"Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms".

Trusted Execution Engine is also vulnerable to privilege escalation and local code execution flaw, both of which have been rated as high severity vulnerabilities. On May 1, Intel issued a critical security advisory for privilege escalation flaws impacting its Intel Active Management Technology (AMT), Intel Standard Manageability and Intel Small Business Technology management technologies. As a result, it admits that it has discovered significant security issues connected to Intel ME.

"We haven't heard too much on this from Intel or customers". "Organizations that do nothing may be giving attackers free rein over their networks during the downtime". He noted that Rapid7's Heisenberg Cloud honeypot sensor network has already detected researcher and non-researcher opportunistic scans for open Intel management ports on the internet. It will then work backwards to address other affected products.


  • When will Padmavati release? Shahid Kapoor responds

    When will Padmavati release? Shahid Kapoor responds

    While his co-stars Ranveer Singh and Deepika Padukone have been very verbal in expressing their opinion, Shahid has been quiet. Shahid says that he is being very optimistic because eventually, the movie has to release and will be loved by the audience.
    AT&T-Time Warner Deal 'Not Good for the Country'

    AT&T-Time Warner Deal 'Not Good for the Country'

    But Stephenson said AT&T would not agree to anything that would result in it losing control of CNN. If denied, it could set a new precedent for how similar mergers are approached.
    Chelsea quartet out of Qarabag clash

    Chelsea quartet out of Qarabag clash

    David Luiz could return in defence after he lost his place to Andreas Christensen following the loss at Roma. However I just feel that the [1.34] is just too short . "It is not hard (to motivate the players)".
  • Case Keenum will remain Vikings' starting QB in Week 12

    Case Keenum will remain Vikings' starting QB in Week 12

    The Minnesota Vikings are on a six-game winning streak and sitting in a tie for second in the NFC at 8-2. With Bridgewater breathing down his neck, Keenum has only elevated his play against solid competition.

    Experts Analysis on Share Price: Cognizant Technology Solutions Corporation (CTSH)

    Comgest Global Investors S.A.S. raised its stake in Cognizant Technology Solutions Corporation by 57.7% during the 2nd quarter. The stock of Cognizant Technology Solutions Corp (NASDAQ: CTSH ) has "Buy" rating given on Thursday, August 6 by Needham.
    Accused NYC terrorist faces 20 new charges, including murder

    Accused NYC terrorist faces 20 new charges, including murder

    Saipov also asked during his interview with authorities if he could display the ISIS flag in his hospital room after the attack. His injury was minor enough that he was transferred to a prison facility in Manhattan two days later.
  • National Football League  owners believe anthem policy will change if protests continue, report says

    National Football League owners believe anthem policy will change if protests continue, report says

    The decision could come as early as the annual league meeting in March, the Washington Post reported . The change was made in 2009, requiring players and coaches to be on the field during the anthem.
    Chrissy Teigen and John Legend announce they're expecting baby number two

    Chrissy Teigen and John Legend announce they're expecting baby number two

    And - spoiler alert - thanks to Chrissy's caption, we can be sure that the baby is, without a doubt, John's . Even after her experience with depression, Teigen hasn't been shy about saying she wanted more kids.

    Patterson Companies, Inc. (NASDAQ:PDCO) Shares on the Go mid-Session

    Patterson Companies now has $3.30B valuation. ( NASDAQ PDCO ) traded down $1.22 during trading hours on Tuesday, hitting $34.82. The company exchanged hands with 3154978 shares compared to its average daily volume of 1.56M shares. (NASDAQ: PDCO ).
  • Adelaide United's Marrone could face discipline after FFA Cup ball boy push

    Adelaide United's Marrone could face discipline after FFA Cup ball boy push

    Marrone grabbed the youngster, who needed no excuses to hit the deck and then a brawl broke out between both sets of players. The right back was sent off for the incident, and will likely miss several games.
    In court, Ray Allen denies claims he 'stalked' his catfish

    In court, Ray Allen denies claims he 'stalked' his catfish

    Allen was duped by a man into communicating with several "attractive" women. Allen, 42, last played in the National Basketball Association in 2014.
    Pixel 2 update will fix buzzing issue

    Pixel 2 update will fix buzzing issue

    We also suspect more Android users will be able to use Google Lens in the future as well so stay tuned. Text: Save information from business cards, follow URLs, call phone numbers and navigate to addresses.