Hardware & Technical If you are an Intel Skylake and later CPU user, you need to patch up!

Zak Gordon

Zak Gordon
'PC vendors scramble as Intel announces vulnerability in firmware':

https://arstechnica.co.uk/informati...d-vulnerability-in-pc-server-device-firmware/

Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms is vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015. They could gain access to privileged system information, and millions of computers could essentially be taken over as a result of the bug.

The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable. In the security alert, members of Intel's security team stated that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience."

Four vulnerabilities were discovered that affect Intel Management Engine firmware versions 11.0 through 11.20. Two were found in earlier versions of ME, as well as two in Server Platform Services version 4.0 firmware and two in TXE version 3.0.

The bugs affect the following Intel CPUs:

* Intel Core processors from the 6th generation ("Skylake"), 7th generation ("Kaby Lake"), & 8th Generation ("Kaby Lake-R" and "Coffee Lake") families—the processors in most desktop and laptop computers since 2015;
* Multiple Xeon processor lines, including the Xeon Processor E3-1200 v5 & v6 Product Family, Xeon Processor Scalable family, and Xeon Processor W family;
* The Atom C3000 Processor Family and Apollo Lake Atom Processor E3900 series for networked and embedded devices and Internet of Things platforms, and
* Apollo Lake Pentium and Celeron™ N and J series Processors for mobile computing.
Click to expand...

So if you got one of those use the links in the article to get patched.

I was pretty annoyed when it was announced that Skylake and onwards CPU's would not allow anything other than Windows 10 to run on them, they (Intel and MS) went to great lengths to ensure Windows 10 was all pervasive, and i suppose this is a great example of the more complex you build your system, the more bugs there will be? Anyway i have decided to jump ship from Intel and MS going forward in my PC builds, i just don't support this 'data-gathering' generation at all, but for those on these systems you can atleast patch the current problem, if you can't solve the data-gathering one!
 

RidingTheFlow

RidingTheFlow
Ahhh, the Intel ME. Now that's a famous "administrative" backdoor, been here for years - I was wondering when it will finally blow up.
 

duckofdeath

duckofdeath
We add more code to get more security, which adds more available code for potential exploits... :D
I think all management interfaces, be it HP, Dell and whatnot, has had exploits like this over the years. Let's just hope Intel is able to patch it up fast.
 

Porina

Porina
Saw elsewhere and checked up on my Skylake+ systems:

:) Asrock Z370 Pro4 - Current bios not vulnerable, presumably ME update included in bios 1.30 dated 2017/11/2
:) Asus Z170 Maximus VIII Hero - Vulnerable with 3504 bios. ME patch available dated 2017/11/09
:( Asus Z170I Pro Gaming - current bios vulnerable, dated 2017/07/21
:( Asus X299 TUF Mark 2 - current bios vulnerable, dated 2017/09/15
:( MSI Z170A Gaming Pro - current bios vulnerable, dated 2017-04-24
:( MSI GE62 6QF - current bios vulnerable, dated 2016-10-26 (there is newer date bios available which is even older version intended to use as stepping stone update for really old bios)
 
Last edited:

FoxTwo

FoxTwo
Thanks OP. Just checked my motherboard's support page and they have a new BIOS dated 8 Nov which specifically addressed this.

Now I'm all patched up :)
 

Shadowdancer

Shadowdancer
And that's only a tiny band-aid on a tiny part of the the gaping hole that intel has been building into their CPUs for years and shows no intention of providing proper fixes for (i.e., making it possible for everyone to permanently disable the crap via the undocumented literally NSA killswitch that some researchers found). It's at a point where I wonder why there's no massive backlash from corporate customers steadfastly refusing to buy machines using their CPUs until that's cleared up.
 

GraXXoR

GraXXoR
FoxTwo said:
Thanks OP. Just checked my motherboard's support page and they have a new BIOS dated 8 Nov which specifically addressed this.

Now I'm all patched up :)
Click to expand...

Crikey, your avatar gave me a shock... Out of the corner of my eye it looked like a black leather thong...

\o_O/
 

Polygonal Spaceship

P
Zak Gordon said:
I was pretty annoyed when it was announced that Skylake and onwards CPU's would not allow anything other than Windows 10 to run on them, they (Intel and MS) went to great lengths to ensure Windows 10 was all pervasive, and i suppose this is a great example of the more complex you build your system, the more bugs there will be? Anyway i have decided to jump ship from Intel and MS going forward in my PC builds, i just don't support this 'data-gathering' generation at all, but for those on these systems you can atleast patch the current problem, if you can't solve the data-gathering one!
Click to expand...

I'm just in the middle of designing a new machine myself. This is unwelcome news (I'm not a Linux power user, but I like to tinker with it and would ideally like to move away from Windows for those routine things I don't need it for); Intel have basically just made my mind up on the "Intel/nVidia or AMD" question for me.

Shadowdancer said:
And that's only a tiny band-aid on a tiny part of the the gaping hole that intel has been building into their CPUs for years and shows no intention of providing proper fixes for (i.e., making it possible for everyone to permanently disable the crap via the undocumented literally NSA killswitch that some researchers found). It's at a point where I wonder why there's no massive backlash from corporate customers steadfastly refusing to buy machines using their CPUs until that's cleared up.
Click to expand...

That's... unexpected. Even in this day and age I would've said anyone claiming such a thing was paranoid beyond belief. But I looked into it, and you're right, and I'm shocked.
 

Bladefeather

Bladefeather
Zak Gordon said:
I was pretty annoyed when it was announced that Skylake and onwards CPU's would not allow anything other than Windows 10 to run on them, they (Intel and MS) went to great lengths to ensure Windows 10 was all pervasive, and i suppose this is a great example of the more complex you build your system, the more bugs there will be? Anyway i have decided to jump ship from Intel and MS going forward in my PC builds, i just don't support this 'data-gathering' generation at all, but for those on these systems you can atleast patch the current problem, if you can't solve the data-gathering one!
Click to expand...
I am patched up, wish I would not have to do this though... I think you meant to say Kaby Lake though. I have a Skylake cpu and it runs Windows 7 perfectly fine, but I have seen reports of Kaby Lake only working on Windows 10.
 

Shadowdancer

Shadowdancer
Polygonal Spaceship said:
That's... unexpected. Even in this day and age I would've said anyone claiming such a thing was paranoid beyond belief. But I looked into it, and you're right, and I'm shocked.
Click to expand...
Right? A year or so ago, stating that most CPUs by a major manufacturer had undocumented and easily exploitable backdoors (think "customs agent plugging in a USB thing", but it's so far down that it may still be open to other avenues…) was straight up tinfoil hat material, but now it's not so much. It's screwed up that intel are getting away it.
 

Polygonal Spaceship

P
Shadowdancer said:
Right? A year or so ago, stating that most CPUs by a major manufacturer had undocumented and easily exploitable backdoors (think "customs agent plugging in a USB thing", but it's so far down that it may still be open to other avenues…) was straight up tinfoil hat material, but now it's not so much. It's screwed up that intel are getting away it.
Click to expand...

I wonder if Intel is a spin-off of the Central Intelligence Agency..? :D
 
You must log in or register to reply here.
Back
Top Bottom