SourceThere's a huge and extremely worrying range of flaws in newer Intel processors which could allow hackers to take full control over the relevant machines - with millions of PCs potentially affected.
After a severe exploit was uncovered by Mark Ermolov and Maxim Goryachy, Moscow-based security experts who work for Positive Technologies Research, Intel has admitted that some 10 vulnerabilities exist in the Intel Management Engine, Trusted Execution Engine and Server Platform Services
........they affect all of Intel's Core series of processors from Skylake (6th-generation) onwards, including the firm's latest 8th-gen CPUs.
.
The article talks about the it being used for remote admin. So is it possible to gain access from a remote location?Originally Posted by Zen00
From Steve Gibson, yes it's a huge security hole. If you have a Skylake or newer CPU then anyone with PHYSICAL access to your computer can completely own it.
For the average person that's okay and probably won't affect you. But for someone like say, the CEO of a major company, or the president... if a spy could get access for only a few seconds to their computer, all they'd need to do is plug in a USB stick and bam, everything on the computer will be theirs to access.
I can appreciate the sentiment, but do know that AMD has their own version of this crap. It doesn't go as far back in their product line, but it's the way of the future.
It's probably unlikely that AMD would code their own CPU management layer with exactly the same holes as Intel, though.
will check it out later thxOriginally Posted by WannaBeOCer
I patched mine last night. I suggest you guys do the same.
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
Detection tool:
https://downloadcenter.intel.com/download/27150
I getOriginally Posted by WannaBeOCer
I patched mine last night. I suggest you guys do the same.
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
Detection tool:
https://downloadcenter.intel.com/download/27150
And the fix is just an obfuscation so current detection stops freaking out. I'd buy that.
Thanks!Originally Posted by WannaBeOCer
I patched mine last night. I suggest you guys do the same.
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
Detection tool:
https://downloadcenter.intel.com/download/27150
*I am not responsible for bricked motherboards*
The point was rather obviously that with a similar system in place, it too is subject to exploitation. It makes his boastful statement look silly since he's throwing rocks from a glass house.
Thanks for the help. +RepOriginally Posted by WannaBeOCer
Quote:
*I am not responsible for bricked motherboards*
It is simple and only takes a few minutes but it could brick your motherboard if you don't read carefully.If you don't have a vulnerability don't risk it.
You have a 7 series board so you will need the Intel ME System Tools v8 r3 and consumer Intel ME 8 1.5MB Firmware v8.1.70.1590
Use the win64 FWUpdate tool in an escalated command prompt.
fwupdate -f v8.1.70.1590.bin
Of course it doesn't have the same holes - It has different ones!
Hi,Originally Posted by WannaBeOCer
I patched mine last night. I suggest you guys do the same.
https://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
Detection tool:
https://downloadcenter.intel.com/download/27150
Risk Assessment
Based on the analysis performed by this tool: This system is not vulnerable.
For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
INTEL-SA-00086 Detection Tool
Application Version: 1.0.0.128
Scan date: 2017-11-22 5:28:38 PM
Host Computer Information
Name: DESKTOP-I3PFOII
Manufacturer: MSI
Model: MS-7888
Processor Name: Intel(R) Core(TM) i5-4690K CPU @ 3.50GHz
OS Version: Microsoft Windows 10 Pro
Intel(R) ME Information
Engine: Intel(R) Management Engine
Version: 9.1.37.1002
SVN: 0
Copyright(C) 2017, Intel Corporation, All rights reserved.