Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable

Discussion in 'Hardware Components and Aftermarket Upgrades' started by Dr. AMK, Nov 21, 2017.

  1. Papusan

    Papusan BGABOOKS = That sucks!! STAHP! Dont buy FILTH...

    I don't run the tool 24/7/365. Or use the pict as wallpaper :D So the obsolete message doesn't bother me at all. The important message is "painted" in Green :oops:
     
    Vasudev and aaronne like this.
  2. Vasudev

    Vasudev Notebook Prophet

    It's better to run the full MEI suite from Intel and at least avoid possible riskware from Intel.
     
  3. hmscott

    hmscott Notebook Nobel Laureate

    U.S. government warns about cyber bug in Intel chips
    NOVEMBER 21, 2017 / 4:24 PM
    https://www.reuters.com/article/us-...-about-cyber-bug-in-intel-chips-idUSKBN1DM01R

    "The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

    The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as “Management Engine” that shipped with eight types of processors used in business computers sold by Dell Technologies Inc, Lenovo Group Ltd, HP Inc, Hewlett Packard Enterprise Co and other manufacturers.

    Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.

    “These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years,” said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

    For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator’s user name and password, Little said. Attackers could break in without those credentials if they have physical access to the computer, he said.

    Intel said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.

    The Department of Homeland Security advised computer users to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat. (bit.ly/2zqhccw)

    Intel spokeswoman Agnes Kwan said the company had provided software patches to fix the issue to all major computer manufacturers, though it was up to them to distribute patches to computer users.

    Dell’s support website offered patches for servers, but not laptop or desktop computers, as of midday Tuesday. Lenovo offered fixes for some servers, laptops and tablets and said more updates would be available Friday. HP posted patches to its website on Tuesday evening.

    Security experts noted that it could take time to fix vulnerable systems because installing patches on computer chips is a difficult process.

    “Patching software is hard. Patching hardware is even harder,” said Ben Johnson, co-founder of cyber startup Obsidian Security."
     
    Dr. AMK likes this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Intel Management Engine pwned by buffer overflow
    Security researchers lift lid on snafu at Black Hat Europe
    By Thomas Claburn in San Francisco 6 Dec 2017 at 16:30
    https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/

    "On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.

    Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).

    The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.

    It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."

    The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.

    But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.

    The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.

    They claim to have employed a generic technique to bypass the stack canary, a value written to memory to catch overflows via change detection, thereby allowing them to run executable code using Return Oriented Programming.

    Though the vulnerabilities require local access to an affected machine or the credentials to access the machine through a remote IT management system, an Active Management Technology (AMT) flaw disclosed by Intel in May raises the possibility of a remote attack.

    "Given the massive penetration of devices with Intel chips, the potential scale for attacks is big, everything from laptops to enterprise IT infrastructure is vulnerable," the pair said in a statement emailed to The Register.

    "Such a problem is very hard to resolve – requiring a manufacturer to upgrade firmware, and attackers exploiting it may be just as difficult to detect."

    Dino Dai Zovi, co-founder and CTO of security biz Capsule8, in an email to The Register, said the most troubling aspect of the research is that it may be exploited without the need to open the target system's enclosure.

    "This is not a huge impediment to an attacker with physical access, but as some laptops have case tamper switches, it is able to bypass that protection," he said.

    Ermolov and Goryachy contend patches for the flawed hardware related to CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707 don't preclude the possibility of exploitation because an attacker with access to the ME-region firmware can overwrite it with a vulnerable version for exploitation.

    "Writing an older version of the ME firmware typically requires either writing to the flash chip directly or taking advantage of weak BIOS protections, which would depend on the vendor's particular configuration," said Dai Zovi.

    The US government's concern about ME exploitation has made it to the private sector. Hardware vendors Dell, Purism, and System76 are now offering gear with Intel's ME disabled. And Google has been working on NERF (Non-Extensible Reduced Firmware), an open source software system based on u-root that replaces UEFI and the Intel ME with a small Linux kernel and initramfs (which mount the root file system).

    Dai Zovi observed that in addition to these vendor options, "the security community has responded to distrust of the ME by developing a number of open source projects to disable it," such as me_cleaner and Heads.

    Asked whether Intel has any plans to alter the way its Management Engine works or to offer chips without the ME, a company spokesperson suggested such requests should be directed to hardware vendors.

    "The Management Engine (ME) provides important functionality our users care about, including features such as secure boot, two-factor authentication, system recovery, and enterprise device management," the spokesperson said.

    "System owners with specialized requirements should contact the equipment manufacturers for this type of request. However, since any such configuration necessarily removes functionality required in most mainstream products, Intel does not support such configurations." "
     
    Dr. AMK, Maleko48 and Vasudev like this.
  5. hmscott

    hmscott Notebook Nobel Laureate

    Intel® Management Engine Critical Firmware Update (Intel-SA-00086)
    Last Reviewed: 26-Dec-2017 (most recent updates)

    Article ID: 000025619
    https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
    Intel® Management Engine (Intel® ME 6.x/7.x/8.x/9.x/10.x/11.x), Intel® Trusted Execution Engine (Intel® TXE 3.0), and Intel® Server Platform Services (Intel® SPS 4.0) vulnerability (Intel-SA-00086)

    In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of the following with the objective of enhancing firmware resilience:
    • Intel® Management Engine (Intel® ME)
    • Intel® Trusted Execution Engine (Intel® TXE)
    • Intel® Server Platform Services (SPS)
    Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms.

    Systems using Intel ME Firmware versions 6.x-11.x, servers using SPS Firmware version 4.0, and systems using TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:
    • 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel® Core™ Processor Families
    • Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
    • Intel® Xeon® Processor Scalable Family
    • Intel® Xeon® Processor W Family
    • Intel Atom® C3000 Processor Family
    • Apollo Lake Intel Atom® Processor E3900 series
    • Apollo Lake Intel® Pentium® Processors
    • Intel® Pentium® Processor G Series
    • Intel® Celeron® G, N, and J series Processors
    To determine if the identified vulnerabilities impact your system, download and run the Intel-SA-00086 Detection tool using the links below.

    Frequently Asked Questions Section

    Available resources
    Resources for Microsoft and Linux* users
    Note: Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel® Active Management Technology (Intel® AMT) version 8.x-10.x. Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later. Installing this version helps to verify the status of their system with regard to the INTEL-SA-00086 Security Advisory. You can check the version of the INTEL-SA-00086 Detection Tool by running the tool and looking for the version information in the output window.

    Resources from system/motherboard manufacturers

    Note: Links for other system/motherboard manufacturers will be provided when available. If your manufacturer is not listed, contact them for information on the availability of the necessary software update.
    Intel Customer Support to submit an online service request.

    This article applies to:
    Active Products

    Intel® Server Platform Services Firmware
    Intel® Management Engine
    Intel® Trusted Execution Technology (Intel® TXT)
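
An added fleet-triage example (not part of any post, and not Intel's tooling) that applies the advisory's version scope and detection-tool note above, plus a check for the firmware downgrade concern raised in The Register article. The record field names, hosts, baselines and version strings other than 1.0.0.146 are constructed assumptions; "in-scope" means the firmware family matches the advisory's list, not that a given build is unpatched.

```python
import re

MIN_TOOL = (1, 0, 0, 146)          # older tool builds skip CVE-2017-5711/-5712
AMT_RECHECK_MAJORS = range(8, 11)  # those two CVEs: Intel AMT 8.x-10.x only


def parse_version(text):
    """Turn a dotted version string such as '11.0.0.1000' into an int tuple."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def in_advisory_scope(product, fw):
    """Scope as listed in the article: ME 6.x-11.x, SPS 4.0, TXE 3.0."""
    if product == "ME":
        return 6 <= fw[0] <= 11
    if product in ("SPS", "TXE"):
        return fw[:2] == {"SPS": (4, 0), "TXE": (3, 0)}[product]
    return False


def triage(record, baseline=None):
    """Return findings for one inventory record (field names are assumptions)."""
    fw = parse_version(record["fw_version"])
    findings = []
    if in_advisory_scope(record["product"], fw):
        findings.append("in-scope")
    tool = record.get("tool_version")
    tool_too_old = tool is None or parse_version(tool) < MIN_TOOL
    amt = record.get("amt_version")
    if amt and parse_version(amt)[0] in AMT_RECHECK_MAJORS and tool_too_old:
        findings.append("rerun-detection-tool")
    # A version below the last recorded one means the firmware went backwards,
    # which is the rollback scenario the researchers describe.
    if baseline is not None and fw < parse_version(baseline):
        findings.append("firmware-downgrade")
    return findings


# Constructed sample inventory; hosts and version strings are illustrative.
INVENTORY = [
    {"host": "host-a", "product": "ME", "fw_version": "11.0.0.1000",
     "tool_version": "1.0.0.146"},
    {"host": "host-b", "product": "ME", "fw_version": "9.1.0.1000",
     "amt_version": "9.1", "tool_version": "1.0.0.128"},
    {"host": "host-c", "product": "ME", "fw_version": "11.0.0.1000",
     "tool_version": "1.0.0.146"},
    {"host": "host-d", "product": "SPS", "fw_version": "3.1.0.5"},
]
BASELINES = {"host-c": "11.8.0.2000"}  # last version seen for that host


def run(inventory=INVENTORY, baselines=BASELINES):
    return {r["host"]: triage(r, baselines.get(r["host"])) for r in inventory}


if __name__ == "__main__":
    for host, findings in run().items():
        print(host, findings or ["none"])
```
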

     
  6. hmscott

    hmscott Notebook Nobel Laureate

    Get These Laptops With Intel ME Chip Disabled From Dell, System76, And Purism
    December 5, 2017
    https://fossbytes.com/laptops-intel-me-chip-disabled/

    "The Intel ME chip which recently became popular is giving sleepless nights to the security community and PC users around the world.

    Why? Because the vulnerabilities in the Management Engine chip, running a closed source variant of MINIX OS, can allow attackers to take complete control of a system without the users noticing.

    What now? Several PC manufacturers have tried to take advantage of the situation and made attempts to build user trust by offering laptops with Intel ME chip disabled. Yes, probably the chips can be disabled through a feature designed to leave the management engine inoperable on machines purchased by government bodies.

    Dell Laptops With Intel ME chip disabled
    The American PC manufacturer Dell is willing to disable the vulnerable Intel chip on selected machines if the user is willing to pay $20 fee (spotted by a Reddit user).

    You can disable the chip on Dell’s New Latitude 14 Rugged Laptop. Visit the product page and choose “Intel vPro – ME Inoperable, custom order” which will increase the bill amount by $20.92.

    The other Dell machines include Latitude 15 E5570 laptop and Latitude 12 Rugged Tablet.

    Purism Laptops with Intel ME chip disabled
    Purism was probably the first company to announce that their Librem series laptops would come with the Management Engine disabled out of the box. For the Laptops released in the recent past, the company is providing the same via software update. It was a little bit difficult for Purism as their laptops run the open source firmware ‘coreboot’.

    You can find Librem13 and Librem 15 shipping with ME firmware disabled at this product page.

    System76 Laptop with Intel ME chip disabled
    Unlike Dell, System76 is offering to turn off the ME chip on all of their new machines. In a blog post, the company provides the list of all affected laptops.

    They have released an open source tool which can be used to disable ME chip on all of their laptops. Users can download the tool from this GitHub page."
     
    Dr. AMK, Starlight5 and inm8#2 like this.
  7. Dr. AMK

    Dr. AMK The Strategist

  8. Vasudev

    Vasudev Notebook Prophet

    Yeah, not significant at all, because you will be forced to buy new and better CPUs with a security-first approach, which costs/adds 20% extra price.
    If they publicly say it's affected, everybody will switch to slower AMD CPUs, which have near zero risk.
     
    Last edited: Jan 7, 2018
    hmscott and Dr. AMK like this.
  9. Dr. AMK

    Dr. AMK The Strategist

    Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

    If you think that only CPU updates that address this year's major security flaws—Meltdown and Spectre—are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to.

    Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office that had been actively exploited by several threat groups in the wild.

    Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework.


    The zero-day vulnerability (CVE-2018-0802), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months.

    The vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad.

    According to the company, this security flaw is related to CVE-2017-11882—a 17-year-old vulnerability in the Equation Editor functionality (EQNEDT32.EXE), which Microsoft addressed in November.

    When researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a blog post published by Check Point.

    Besides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office.

    A spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for Mac, which has been listed as publicly disclosed (Mailsploit attack), has also been addressed by the company. The vulnerability does not allow some versions of Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended.


    Microsoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid.

    "An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose," describes Microsoft. "This action disregards the Enhanced Key Usage taggings."

    The company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer.

    All these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet.

    Meanwhile, Adobe has patched a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild.

    Users are strongly advised to apply October security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

    For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
     
    hmscott and macmyc like this.
  10. macmyc

    macmyc Notebook Consultant

    Still haven't received the updates for Meltdown and these new patches. Is there anything I can do before getting them from the catalog?
     