Intel issues security alert for processors vulnerable to remote attack

Quote

Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack. Using the vulnerabilities, the most severe of which was uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research, remote attackers could launch commands on a host of Intel-based computers, including laptops and desktops shipped with Intel Core processors since 2015.

...

The company has posted a detection tool on its support website for Windows and Linux to help identify systems that are vulnerable.

 

Intel has finally issued a security alert telling users and manufacturers that there is a security flaw in the Intel Management Engine firmware versions 11.0 through 11.20.

 

I recommend everyone go to the detection tool on Intel's support website (linked above) to download and test their machine for vulnerabilities. If you own an Intel Core processor (including Core i3, Core i5, and Core i7) that is Skylake or later, an Intel Xeon processor (including E3-1200 v5 & v6 Product Family) that was released 2015 or later, you may be vulnerable to remote attack. This attack also extends to some Atom and Apollo Pentium/Celeron processors used in IoT devices and mobile devices.

 

I also recommend checking your motherboard manufacturer's website to download any UEFI flash updates that may be needed to remedy these issues.

 

Source: ArsTechnica (https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/)

 

Intel Core i7-6700K @4.6GHz • Nvidia GeForce GTX 1070 FE @ 1683MHz •  16GB DDR4 @3200MHz

https://pcpartpicker.com/user/QuintonAjStevens/

 

Link to comment
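
Added example (not part of the original thread and not Intel's detection tool): a first-pass triage that parses the ME firmware version and checks it against the 11.0 through 11.20 range quoted in the post above. It assumes the Linux mei driver's `fw_ver` sysfs attribute and treats 11.20 as inclusive; the hostnames and version strings in the sample inventory are constructed.

```python
import re
from pathlib import Path

# Range quoted in the post: ME firmware 11.0 through 11.20 (treated as inclusive here).
AFFECTED_MIN = (11, 0)
AFFECTED_MAX = (11, 20)

# Linux mei driver attribute; each line is "<platform>:<major>.<minor>.<milestone>.<build>".
FW_VER_PATH = Path("/sys/class/mei/mei0/fw_ver")
_LINE = re.compile(r"^\s*(?:\d+:)?(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")


def parse_fw_ver(text):
    """Return a list of (major, minor, milestone, build) tuples; skip malformed lines."""
    versions = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            versions.append(tuple(int(g) for g in m.groups()))
    return versions


def triage(text):
    """Classify one host: 'in-range', 'out-of-range' or 'unknown' (nothing parseable)."""
    versions = parse_fw_ver(text)
    if not versions:
        return "unknown"
    if any(AFFECTED_MIN <= v[:2] <= AFFECTED_MAX for v in versions):
        return "in-range"
    return "out-of-range"


# Constructed inventory: hostnames and version strings are made up for this example.
SAMPLE_INVENTORY = {
    "lab-laptop-01": "0:11.6.0.1126\n",
    "lab-desktop-02": "0:9.1.37.1002\n",
    "lab-server-03": "",            # attribute missing or empty
    "lab-nuc-04": "11.20.0.1\n",    # no platform prefix, upper edge of the range
    "lab-ws-05": "0:11.21.0.1\n",
}


def triage_inventory(inventory):
    """Map each hostname to its triage verdict."""
    return {host: triage(text) for host, text in inventory.items()}


if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
    if FW_VER_PATH.exists():
        print("this host:", triage(FW_VER_PATH.read_text()))
```

An in-range result only places the machine in scope for the advisory; the version range alone does not say whether a given build is patched, so confirm with Intel's detection tool.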

(Removed)

Main Rig

CPU: Ryzen 2700X 
Cooler: Corsair H150i PRO RGB 360mm Liquid Cooler
Motherboard: ASUS Crosshair VII Hero
RAM: 16GB (2x8) Trident Z RGB 3200MHZ
SSD: Samsung 960 EVO NVME SSD 1TB, Intel 1TB NVME

Graphics Card: Asus ROG Strix GTX 1080Ti OC

Case: Phanteks Evolv X
Power Supply: Corsair HX1000i Platinum-Rated

Radiator Fans: 3x Corsair ML120
Case Fans: 4x be quiet! Silent Wings 3

 

 

Link to comment

13 minutes ago, Armakar said:

It would be useful if their shitty program worked.. rather than just a command prompt that closes 8 seconds later

You have to use Intel-SA-00086-GUI.exe in the DiscoveryTool.GUI Folder.

Make sure to quote or tag people, so they get notified.

Link to comment

2 minutes ago, VegetableStu said:

is this new info enough? o_o

anyways: the way they mention the Core CPUs:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family

Does Broadwell-E fall under the 6th, or technically under the 5th (because Broadwell mainstream was 5th)?

I found it to not quite speak more of the security flaw so much as they just spoke of the detection tool. My post/article focuses more around the flaw itself than the detection tool.


Link to comment

15 minutes ago, Armakar said:

It would be useful if their shitty program worked.. rather than just a command prompt that closes 8 seconds later

Did you not notice that after closing it creates a txt file that is a log of the output? Try double clicking on that and you will see the system vulnerability analysis result. They aren't going to make some pretty wizard that walks enterprise security analysts through holding their hand. This is meant to be widely deployed in enterprise and as such has to be lightweight and have the ability to be automated.

Link to comment

So after I downloaded the latest Chipset driver ( Version 11.7.0.104020 Released at 17/11/01 ) the tool says that my system should be safe.

Here's a picture of the tool:

[Image: Intel-SA-00086-GUI screenshot]

 

Just go to your Motherboard's support page and check if there is an Update to your Chipset driver.

[Image: browser screenshot]

 

 


Link to comment

38 minutes ago, VegetableStu said:

Yeah gonna answer my own question:

 

So I had a look at intel's processor PDFs and:

Title: 6th Gen Intel® Core™ X-Series Processor Family Datasheet, Vol. 1

Page 7; Section 1: Introduction:

I know the HEDT CPUs were usually numbered a year apart, but I didn't know it's product literature canon ._.

I believe Broadwell-E is 6th generation since the processor names begin with the number 6. (E.g. i7-6800k) 

 

according to Intel’s naming scheme that would make it a 6th gen processor. 

 

Not sure if that necessarily means it’s vulnerable but it sounds like it might be and should be checked. 


Link to comment

Hey Intel, remember how you have an OS and a web server installed in your CPUs? Did you not stop to think for a nano-second that maybe it was a bad idea?

CPU - Ryzen 7 3700X | RAM - 64 GB DDR4 3200MHz | GPU - Nvidia GTX 1660 ti | MOBO -  MSI B550 Gaming Plus

Link to comment

Haswell is vulnerable as well.

Edit: OK, which do I believe, the command line or GUI version?

"We also blind small animals with cosmetics.
We do not sell cosmetics. We just blind animals."

 

"Please don't mistake us for Equifax. Those fuckers are evil"

 

This PSA brought to you by Equifacks.
PMSL

Link to comment

7 minutes ago, Dabombinable said:

Haswell is vulnerable as well.

Edit: OK, which do I believe, the command line or GUI version?

They are the same.

The GUI version is just more user-friendly.


Link to comment

6 minutes ago, Cyberspirit said:

They are the same.

The GUI version is just more user-friendly.

Well the command line version said that my computer is vulnerable, while the GUI version said it's not...


Link to comment

2 minutes ago, Dabombinable said:

Well the command line version said that my computer is vulnerable, while the GUI version said it's not...

Interesting, what CPU and MOBO do you have? If there is a fix for the chipset might as well update it.


Link to comment

26 minutes ago, Cyberspirit said:

Interesting, what CPU and MOBO do you have? If there is a fix for the chipset might as well update it.

4790K+Z97 Sabertooth MKII. I have however installed the update from the 17/1 this year.


Link to comment

25 minutes ago, Dabombinable said:

4790K+Z97 Sabertooth MKII. I have however installed the update from the 17/1 this year.

I can't see a fix on Asus's website for your MOBO so you will probably have to wait.

However, I highly doubt that any of us is in danger because of this.


Link to comment

RIP

 


Judge a product on its own merits AND the company that made it.

How to setup MSI Afterburner OSD | How to make your AMD Radeon GPU more efficient with Radeon Chill | (Probably) Why LMG Merch shipping to the EU is expensive

Oneplus 6 (Early 2023 to present) | HP Envy 15" x360 R7 5700U (Mid 2021 to present) | Steam Deck (Late 2022 to present)

 

Mid 2023 AlTech Desktop Refresh - AMD R7 5800X (Mid 2023), XFX Radeon RX 6700XT MBA (Mid 2021), MSI X370 Gaming Pro Carbon (Early 2018), 32GB DDR4-3200 (16GB x2) (Mid 2022

Noctua NH-D15 (Early 2021), Corsair MP510 1.92TB NVMe SSD (Mid 2020), beQuiet Pure Wings 2 140mm x2 & 120mm x1 (Mid 2023),

Link to comment

7 hours ago, Dabombinable said:

Haswell is vulnerable as well.

Edit: OK, which do I believe, the command line or GUI version?

Haswell is not vulnerable.

 

Link to comment

9 hours ago, VegetableStu said:

is this new info enough? o_o

anyways: the way they mention the Core CPUs:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family

Does Broadwell-E fall under the 6th, or technically under the 5th (because Broadwell mainstream was 5th)?

BWE is part of the 6th generation in terms of the product line grouping. However, I believe the LGA 2011-3 CPUs don't have this issue.

 

1 hour ago, TheCherryKing said:

Haswell is not vulnerable.

Running the tool on HWE isn't going to mean anything. HWE is a rebrand and firmware change of Xeon E5 processors, which aren't on the list of affected processors.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to comment

"This system is vulnerable." -_-

Case: Corsair 4000D Airflow; Motherboard: MSI ZZ490 Gaming Edge; CPU: i7 10700K @ 5.1GHz; Cooler: Noctua NHD15S Chromax; RAM: Corsair LPX DDR4 32GB 3200MHz; Graphics Card: Asus RTX 3080 TUF; Power: EVGA SuperNova 750G2; Storage: 2 x Seagate Barracuda 1TB; Crucial M500 240GB & MX100 512GB; Keyboard: Logitech G710+; Mouse: Logitech G502; Headphones / Amp: HiFiMan Sundara Mayflower Objective 2; Monitor: Asus VG27AQ

Link to comment

X99 Haswell-E and Z77 Sandy here, so not vulnerable.  I ran the tool on the X99 machine just to make sure.

The laptops are an Ivy and a 2008 Atom, so those should be good too. 

Link to comment

Ran the tool on my i7-7700HQ Dell XPS 15 9560 system: It's vulnerable. Thankfully, Dell has announced BIOS firmware 1.6.0 will be released in December, so I'm not too far out for a fix. Although personally I believe that Intel should be 100% responsible for this and have a ready-to-go solution available for download today right now as who do you think I'm going to blame should my system get exploited between now and December? :) 

Desktop: KiRaShi-Intel-2022 (i5-12600K, RTX2060) Mobile: OnePlus 5T | Koodo - 75GB Data + Data Rollover for $45/month
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon M6 Mark II | Canon Rebel T1i (500D) | Canon SX280 | Panasonic TS20D Music: Spotify Premium (CIRCA '08)

Link to comment

Based on the analysis performed by this tool: This system is vulnerable.
 

MSI has yet to release one to me via live update, and I doubt they will actually do it...

Link to comment

16 minutes ago, Egg-Roll said:

MSI has yet to release one to me via live update, and I doubt they will actually do it...

Get in touch with MSI's support, they're usually quite fast and always accurate when replying to my technical questions. 

Link to comment

ima check on my home system as well but that SHOULD be safe seeing as it's only 4th gen

I spent $2500 on building my PC and all i do with it is play no games atm & watch anime at 1080p(finally) watch YT and write essays...  nothing, it just sits there collecting dust...

Builds:

The Toaster Project! Northern Bee!

 

The original LAN PC build log! (Old, dead and replaced by The Toaster Project & 5.0)

Spoiler

"Here is some advice that might have gotten lost somewhere along the way in your life. 

 

#1. Treat others as you would like to be treated.

#2. It's best to keep your mouth shut; and appear to be stupid, rather than open it and remove all doubt.

#3. There is nothing "wrong" with being wrong. Learning from a mistake can be more valuable than not making one in the first place.

 

Follow these simple rules in life, and I promise you, things magically get easier. " - MageTank 31-10-2016

 

 

Link to comment

Am I safe to assume mobile skylake is also vulnerable?

Currently focusing on my video game collection.

It doesn't matter what you play games on, just play good games you enjoy.

 

Link to comment
