Managing Security Risk in the Face of Intel ME Vulnerabilities
In May 2017, Intel publicly released a critical vulnerability
advisory concerning its Active Management Technology (AMT). The
initial report detailed privilege escalation risk under CVE-2017-5689,
which was patched by
Intel.
Later
in the year, researchers from Russia-based Positive Technologies discovered
additional vulnerabilities in the firmware. The duo submitted the information
to Black Hat Europe and announced that they plan
to share it publicly in a 50-minute briefing on Dec. 6, 2017.
On
Nov. 20, 2017, Intel released information
on eight additional bugs found with relation to its ME technology, and
confirmed that those can affect millions of endpoints and servers worldwide.
The
vulnerabilities reported to date affect Intel Management Engine (Intel ME
11.0.0-11.7.0), Intel® Trusted Execution Engine (Intel TXE 3.0) and Intel
Server Platform Services (Intel SPS 4.0). To help users determine if their
assets are vulnerable
or not, Intel released Intel-SA-00086 Detection tool. Via the advisory,
users are directed to system manufacturers for patch updates and support.
Per
its own security review, Intel notes that the vulnerabilities it found could
affect PCs, servers and IoT platforms.
ME -> MINIX -> AMT, Where Did This Actually Start?
Continue reading this post here.
Extremely useful information which you have shared here about information security. This is a great way to enhance knowledge for us, and also beneficial for us. Thank you for sharing a post like this. Data Security Consultant
ReplyDeleteExcellent information, this knowledge is excellent and very important for everyone. I am heartily thankful to you for providing this kind of information. Thanks once again for sharing it. pls visit our website video surveillance systems
ReplyDeleteI admire this article for the well-researched content and excellent wording. Read more info about Web Security Consulting For Business. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.
ReplyDelete