6 private links
In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. ...Intel dans l'œil du cyclone
Positive Technologies researchers Maxim Goryachy and Mark Ermolov have discovered a vulnerability that allows running unsigned code. The vulnerability can be used to activate JTAG debugging for the Intel Management Engine processor core. When combined with DCI, this allows debugging ME via USB.
Update: We’ve been getting a lot of great feedback from people on HackerNews and Reddit. Here are answers to a few common questions:
• The System76 Firmware Update Tool is Open Source and located at...
According to Google, which is actively working to remove Intel’s Management Engine (MINIX) from their internal servers (for obvious security reasons), the following features exist within Ring -3:
- Full networking stack
- File systems
- Many drivers (including USB, networking, etc.)
- A web serverBlack Hat Europe 2017
Our team of Positive Technologies researchers has delved deep into the internal architecture of Intel Management Engine (ME) 11, reveali...There's two things that don't get mentioned much with this issue.
-
There's a second bug that allows non-root local users to provision AMT. "An unprivileged local attacker could provision manageability features"[1]
-
Access to AMT allows you to boot a recovery image, mount local drives, and do whatever you like with the included remote KVM.[2][3]
So, even if this is turned off, there are issues to address. If it's on, they have control of the whole machine, remotely. It's as bad as it can get.
Patch for severe authentication bypass bug won’t be available until next week.
With recent chipsets, Intel offers a mechanism called Active Management Technology (Intel AMT, part of the “vPro”* featureset, specifically the Intel Management Engine) which, Intel says,“allows IT or managed service providers to better discover, repair, and protect their networked computing assets”. This means somebody can control devices remotely, even when powered off—what is officially called out-of-band system access.
me_cleaner is a tool to remove as much code as possible from an Intel ME/TXE/SPS image.
If you did not know, built into all modern Intel-based platforms is a small, low-power computer subsystem called the Intel Management Engine (ME). It performs various tasks while the system is in sleep mode, during the boot process, and also when your system is running.
Completely and permanently (unless you re-install it) disable Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability on Windows. These are components of the Intel Management Engine firmware.