The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Critical Flaws in Computers Leave Millions of PCs Vulnerable

    Discussion in 'Hardware Components and Aftermarket Upgrades' started by Dr. AMK, Nov 21, 2017.

  1. KY_BULLET

    KY_BULLET Notebook Evangelist

    @Mr. Fox ...It has the Z370 A Pro Mobo. I went to the support page and tried to do the update they have posted for it, but my machine wouldn't take it. It wouldn't even recognize it. Good thing, because the guys over on the MSI forums said it would have bricked my machine had I flashed it with that BIOS.
     
    Vasudev likes this.
  2. Mr. Fox

    Mr. Fox BGA Filth-Hating Elitist

    Hmm. So sorry to hear that. That's really stupid of them. If it has essentially what amounts to a generic motherboard in it, those bastards must have done something malicious to it to make it a proprietary revision. That's so terribly wrong of them. It raises all sorts of questions in my mind what else they might have done to cripple it and make it proprietary. Sounds like one of Dell's stupid stunts. They do the same kind of ignorant crap to their desktops. Having a proprietary control freak abortion largely defeats one of the greatest advantages to owning a desktop instead of a laptop. I intentionally avoided the inclusion of any MSI components in my desktop because of some of the unforgivable retarded nonsense I have seen them do on their laptops, including the mighty little 16L13. I have no use for cancer monkeys that behave that way. For exactly the same reason, it is extremely unlikely I will ever allow any emasculated garbage from Dell or HP to darken my desk ever again.
     
    Last edited: Dec 8, 2017
    Chastity, KY_BULLET and Vasudev like this.
  3. RanCorX2

    RanCorX2 Notebook Evangelist

    What's the password for the ME tool downloads? Couldn't find it on Prema's site.
     
  4. Vasudev

    Vasudev Notebook Nobel Laureate

    It's premamod.com
    Strictly applicable only to Clevo laptops and not others.
     
    hmscott likes this.
  5. Robbo99999

    Robbo99999 Notebook Prophet

    MSI motherboard update news. I've been through all the Z270 boards they offer and about 3/4 of them are patched for the latest vulnerability. Still none of the Z170 boards patched yet.
     
    hmscott, KY_BULLET and Vasudev like this.
  6. KY_BULLET

    KY_BULLET Notebook Evangelist

    My Z370 Codex XE patch still isn't available as of last night.
     
    hmscott and Vasudev like this.
  7. FaTT

    FaTT Notebook Consultant

    It says this desktop I just traded for is vulnerable. I downloaded the patch from Asus, ran it, and it did absolutely nothing :-/..... But I am behind a Cisco small business firewall, should I even worry about this?
     
    hmscott and Vasudev like this.
  8. Robbo99999

    Robbo99999 Notebook Prophet

    Maybe it's because you're running a custom BIOS and the patch can't apply correctly because of that, just a thought?
     
    KY_BULLET, hmscott and Vasudev like this.
  9. FaTT

    FaTT Notebook Consultant

    Well, as far as the system knows it's made by Asus. I think it's because I uninstalled the MEI driver.
     
    Vasudev likes this.
  10. Robbo99999

    Robbo99999 Notebook Prophet

    Yeah, I'd put it back to 'stock' as close as you can & then try again.
     
    Vasudev likes this.
  11. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Before the update... Intel MEI Driver v11.7.0.1045 (Windows 8 & Windows 10) INF for manual installation. Don't install the bloated version.
     
    Maleko48 and Vasudev like this.
  12. Vasudev

    Vasudev Notebook Nobel Laureate

  13. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    You can use both the installer and the INF for manual installation. Bloatware will never do any good for you. At least use the MEI-only installer, not the full package. The point is to use the latest driver before flashing new firmware.
     
    Last edited: Dec 10, 2017
    KY_BULLET and Vasudev like this.
  14. tilleroftheearth

    tilleroftheearth Wisdom listens quietly...

    Any chance you could upload that for us? :D

     
  15. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Last edited: Dec 11, 2017
    KY_BULLET and tilleroftheearth like this.
  16. Vasudev

    Vasudev Notebook Nobel Laureate

    Here is the file
     


  17. hacktrix2006

    hacktrix2006 Hold My Vodka, I going to kill my GPU

    MSI Has just released it for the GT72-6Q series and it worked, flashing was very quick as well. I am quite shocked they released an update.
     
  18. macmyc

    macmyc Notebook Evangelist

    So MSI has finally added the firmware update for 6th generation CPUs, but they didn't care about updating the Intel ME driver, so the version available to me is 11.6.0.1015 (Package_11.6.0.1117) (which is the one I have installed). Intel's minimum requirement is Intel® ME 11.8.50.3399, as written here. Would it be safe to update with my current version tested by MSI, or should I go and update as Intel recommends and then install the FW update?
     
    Vasudev likes this.
  19. Dr. AMK

    Dr. AMK Living with Hope

    It's better to update Intel ME before the FW update.
     
    Vasudev, Maleko48 and macmyc like this.
  20. macmyc

    macmyc Notebook Evangelist

    Well, I have made a bit of confusion here. That version was for the Intel ME firmware and not the driver.
    I have updated successfully without touching the ME driver, and now the detection tool says my system is patched. Thank you anyway.
     
    Vasudev, Dr. AMK and hmscott like this.
  21. Robbo99999

    Robbo99999 Notebook Prophet

    For some reason MSI released a new Intel Management Engine Driver for my motherboard, but they haven't released a new BIOS:
    https://www.msi.com/Motherboard/support/Z170A-KRAIT-GAMING-3X.html#down-driver&Win10 64
    After updating to that latest Intel ME driver above, my system is still showing as vulnerable. I'm guessing it's the firmware that needs to be patched rather than the software, but as to why they've released a new Intel ME driver - who knows!
     
    Vasudev and Dr. AMK like this.
  22. Dr. AMK

    Dr. AMK Living with Hope

    Congratulations, you are welcome.
     
    macmyc and Vasudev like this.
  23. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Here we go... Version 4 :D Intel-SA-00086 Detection Tool Version: 1.0.0.152 (Latest) Date: 12/19/2017
    When will version 5 come? :rolleyes:

     
    aaronne, Vasudev and Dr. AMK like this.
  24. Dr. AMK

    Dr. AMK Living with Hope

    All my Clevo laptops are still vulnerable until now. I tried everything :(.
    2 laptops EVOC P870DM3 + 1 P750ZM
     
    hmscott and Vasudev like this.
  25. Vasudev

    Vasudev Notebook Nobel Laureate

    Try Prema bhai's MEI FW update.
     
    hmscott and Dr. AMK like this.
  26. Vasudev

    Vasudev Notebook Nobel Laureate

    Have you tried in safe mode, by reverting to BIOS defaults and flashing the FW? Disable AVs, Windows Update and the BITS service too.
     
    Dr. AMK likes this.
  27. Dr. AMK

    Dr. AMK Living with Hope

    Good idea, will try it and see what will happen, thanks for your kind support.
     
    Vasudev likes this.
  28. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Vasudev and Dr. AMK like this.
  29. Dr. AMK

    Dr. AMK Living with Hope

    Lucky you as always my friend... :)
     
    Papusan likes this.
  30. Vasudev

    Vasudev Notebook Nobel Laureate

    You might need the full MEI suite to get rid of the obsolete message. Install the full suite from Clevo and afterwards uninstall the MEI suite using Revo to remove the MEI service spyware.
     
    Papusan and Dr. AMK like this.
  31. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    I don't run the tool 24/7/365, or use the pic as wallpaper :D So the obsolete message doesn't bother me at all. The important message is "painted" in green :oops:
     
    Vasudev and aaronne like this.
  32. Vasudev

    Vasudev Notebook Nobel Laureate

    It's better to run the full MEI suite from Intel and at least avoid possible riskware from Intel.
     
  33. hmscott

    hmscott Notebook Nobel Laureate

    U.S. government warns about cyber bug in Intel chips
    NOVEMBER 21, 2017 / 4:24 PM
    https://www.reuters.com/article/us-...-about-cyber-bug-in-intel-chips-idUSKBN1DM01R

    "The U.S. government on Tuesday urged businesses to act on an Intel Corp alert about security flaws in widely used computer chips as industry researchers scrambled to understand the impact of the newly disclosed vulnerability.

    The Department of Homeland Security gave the guidance a day after Intel said it had identified security vulnerabilities in remote-management software known as “Management Engine” that shipped with eight types of processors used in business computers sold by Dell Technologies Inc, Lenovo Group Ltd, HP Inc, Hewlett Packard Enterprise Co and other manufacturers.

    Security experts said that it was not clear how difficult it would be to exploit the vulnerabilities to launch attacks, though they found the disclosure troubling because the affected chips were widely used.

    “These vulnerabilities affect essentially every business computer and server with an Intel processor released in the last two years,” said Jay Little, a security engineer with cyber consulting firm Trail of Bits.

    For a remote attack to succeed, a vulnerable machine would need to be configured to allow remote access, and a hacker would need to know the administrator’s user name and password, Little said. Attackers could break in without those credentials if they have physical access to the computer, he said.

    Intel said that it knew of no cases where hackers had exploited the vulnerability in a cyber attack.

    The Department of Homeland Security advised computer users to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged them to contact computer makers to obtain software updates and advice on strategies for mitigating the threat. ( bit.ly/2zqhccw)

    Intel spokeswoman Agnes Kwan said the company had provided software patches to fix the issue to all major computer manufacturers, though it was up to them to distribute patches to computers users.

    Dell’s support website offered patches for servers, but not laptop or desktop computers, as of midday Tuesday. Lenovo offered fixes for some servers, laptops and tablets and said more updates would be available Friday. HP posted patches to its website on Tuesday evening.

    Security experts noted that it could take time to fix vulnerable systems because installing patches on computer chips is a difficult process.

    “Patching software is hard. Patching hardware is even harder,” said Ben Johnson, co-founder of cyber startup Obsidian Security."
     
    Dr. AMK likes this.
  34. hmscott

    hmscott Notebook Nobel Laureate

    Intel Management Engine pwned by buffer overflow
    Security researchers lift lid on snafu at Black Hat Europe
    By Thomas Claburn in San Francisco 6 Dec 2017 at 16:30
    https://www.theregister.co.uk/2017/12/06/intel_management_engine_pwned_by_buffer_overflow/

    "On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
    Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibly. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).

    The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.

    It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."

    The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.

    But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.

    The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.

    They claim to have employed a generic technique to bypass the stack canary, a value written to memory to catch overflows via change detection, thereby allowing them to run executable code using Return Oriented Programming.

    Though the vulnerabilities require local access to an affected machine or the credentials to access the machine through a remote IT management system, an Active Management Technology (AMT) flaw disclosed by Intel in May raises the possibility of a remote attack.

    "Given the massive penetration of devices with Intel chips, the potential scale for attacks is big, everything from laptops to enterprise IT infrastructure is vulnerable," the pair said in a statement emailed to The Register.

    "Such a problem is very hard to resolve – requiring a manufacturer to upgrade firmware, and attackers exploiting it may be just as difficult to detect."

    Dino Dai Zovi, co-founder and CTO of security biz Capsule8, in an email to The Register, said the most troubling aspect of the research is that it may be exploited without the need to open the target system's enclosure.

    "This is not a huge impediment to an attacker with physical access, but as some laptops have case tamper switches, it is able to bypass that protection," he said.

    Ermolov and Goryachy contend patches for the flawed hardware related to CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707 don't preclude the possibility of exploitation because an attacker with access to the ME-region firmware can overwrite it with a vulnerable version for exploitation.

    "Writing an older version of the ME firmware typically requires either writing to the flash chip directly or taking advantage of weak BIOS protections, which would depend on the vendor's particular configuration," said Dai Zovi.

    The US government's concern about ME exploitation has made it to the private sector. Hardware vendors Dell, Purism, and System76 are now offering gear with Intel's ME disabled. And Google has been working on NERF (Non-Extensible Reduced Firmware), an open source software system based on u-root that replaces UEFI and the Intel ME with a small Linux kernel and initramfs (which mount the root file system).

    Dai Zovi observed that in addition to these vendor options, "the security community has responded to distrust of the ME by developing a number of open source projects to disable it," such as me_cleaner and Heads.

    Asked whether Intel has any plans to alter the way its Management Engine works or to offer chips without the ME, a company spokesperson suggested such requests should be directed to hardware vendors.

    "The Management Engine (ME) provides important functionality our users care about, including features such as secure boot, two-factor authentication, system recovery, and enterprise device management," the spokesperson said.

    "System owners with specialized requirements should contact the equipment manufacturers for this type of request. However, since any such configuration necessarily removes functionality required in most mainstream products, Intel does not support such configurations." "
     
    Dr. AMK, Maleko48 and Vasudev like this.
  35. hmscott

    hmscott Notebook Nobel Laureate

    Intel® Management Engine Critical Firmware Update (Intel-SA-00086)
    Last Reviewed: 26-Dec-2017 (most recent updates)

    Article ID: 000025619
    https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
    Intel® Management Engine (Intel® ME 6.x/7.x/8.x/9.x/10.x/11.x), Intel® Trusted Execution Engine (Intel® TXE 3.0), and Intel® Server Platform Services (Intel® SPS 4.0) vulnerability (Intel-SA-00086)

    In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of the following with the objective of enhancing firmware resilience:
    • Intel® Management Engine (Intel® ME)
    • Intel® Trusted Execution Engine (Intel® TXE)
    • Intel® Server Platform Services (SPS)
    Intel has identified security vulnerabilities that could potentially impact certain PCs, servers, and IoT platforms.

    Systems using Intel ME Firmware versions 6.x-11.x, servers using SPS Firmware version 4.0, and systems using TXE version 3.0 are impacted. You may find these firmware versions on certain processors from the:
    • 1st, 2nd, 3rd, 4th, 5th, 6th, 7th, and 8th generation Intel® Core™ Processor Families
    • Intel® Xeon® Processor E3-1200 v5 and v6 Product Family
    • Intel® Xeon® Processor Scalable Family
    • Intel® Xeon® Processor W Family
    • Intel Atom® C3000 Processor Family
    • Apollo Lake Intel Atom® Processor E3900 series
    • Apollo Lake Intel® Pentium® Processors
    • Intel® Pentium® Processor G Series
    • Intel® Celeron® G, N, and J series Processors
    To determine if the identified vulnerabilities impact your system, download and run the Intel-SA-00086 Detection tool using the links below.


    Available resources
    Resources for Microsoft and Linux* users
    Note: Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVEs only affect systems with Intel® Active Management Technology (Intel® AMT) version 8.x-10.x. Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later. Installing this version helps to verify the status of their system with regard to the INTEL-SA-00086 Security Advisory. You can check the version of the INTEL-SA-00086 Detection Tool by running the tool and looking for the version information in the output window.

    Resources from system/motherboard manufacturers

    Note: Links for other system/motherboard manufacturers will be provided when available. If your manufacturer is not listed, contact them for information on the availability of the necessary software update.
    Intel Customer Support to submit an online service request.

    This article applies to:
    Active Products

    Intel® Server Platform Services Firmware
    Intel® Management Engine
    Intel® Trusted Execution Technology (Intel® TXT)
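    The advisory above names the affected firmware branches (ME 6.x-11.x, SPS 4.0, TXE 3.0), and earlier in the thread the ME driver version (11.7.0.1045) was confused with the ME firmware version that the detection tool actually checks. As an added example, not Intel's tool and not code from anyone in this thread, here is a small Python classifier for four-part firmware version strings against those branches. The ME 11.x cutoff 11.8.50.3399 is the value quoted in macmyc's post and is used here as a single assumed threshold; the hostnames and the 9.x version in the sample inventory are constructed.

```python
from typing import Dict, List, NamedTuple, Tuple


class FwVersion(NamedTuple):
    """A four-part Intel ME/SPS/TXE firmware version, compared numerically."""
    major: int
    minor: int
    hotfix: int
    build: int


def parse_version(text: str) -> FwVersion:
    """Parse 'a.b.c.d' into integers.

    Numeric comparison matters: as plain strings "11.6.0.1015" > "11.10.0.0"
    because '6' > '1', so a string compare would pass an old build as newer.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part firmware version: {text!r}")
    return FwVersion(*(int(p) for p in parts))


# Affected firmware branches as listed in the Intel-SA-00086 text above.
AFFECTED_ME_MAJORS = range(6, 12)   # ME 6.x through 11.x
AFFECTED_SPS_BRANCH = (4, 0)        # SPS 4.0
AFFECTED_TXE_BRANCH = (3, 0)        # TXE 3.0

# Assumed cutoff for the ME 11.x branch: the minimum version quoted in the thread.
# Treated as one threshold for the whole 11.x branch for demonstration purposes;
# use the fixed version Intel lists for your exact branch in practice.
ME11_FIXED = parse_version("11.8.50.3399")


def assess(component: str, version_text: str) -> str:
    """Classify one firmware version.

    Returns 'not-affected', 'patched', 'affected', or 'affected-branch'
    (branch is listed as impacted but no fixed build is given on this page).
    Feed the *firmware* version reported by the detection tool, never the MEI
    driver version: updating the driver alone does not change this verdict.
    """
    v = parse_version(version_text)
    if component == "ME":
        if v.major not in AFFECTED_ME_MAJORS:
            return "not-affected"
        if v.major == 11:
            return "patched" if v >= ME11_FIXED else "affected"
        return "affected-branch"
    if component == "SPS":
        return "affected" if (v.major, v.minor) == AFFECTED_SPS_BRANCH else "not-affected"
    if component == "TXE":
        return "affected" if (v.major, v.minor) == AFFECTED_TXE_BRANCH else "not-affected"
    raise ValueError(f"unknown component {component!r}")


def report(inventory: List[Tuple[str, str, str]]) -> Dict[str, str]:
    """Classify (host, component, firmware_version) triples into host -> status."""
    return {host: assess(component, version) for host, component, version in inventory}


# Constructed sample inventory: hostnames and the 9.x build are made up; the two
# 11.x values are the firmware versions discussed in this thread.
SAMPLE_INVENTORY = [
    ("gt72-before-update", "ME", "11.6.0.1015"),
    ("gt72-after-update", "ME", "11.8.50.3399"),
    ("old-desktop", "ME", "9.1.41.3024"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```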

     
  36. hmscott

    hmscott Notebook Nobel Laureate

    Get These Laptops With Intel ME Chip Disabled From Dell, System76, And Purism
    December 5, 2017
    https://fossbytes.com/laptops-intel-me-chip-disabled/

    "The Intel ME chip which recently became popular is giving sleepless nights to the security community and PC users around the world.

    Why? Because the vulnerabilities in the Management Engine chip, running a closed source variant of MINIX OS, can allow attackers to take complete control of a system without the users noticing.

    What now? Several PC manufacturers have tried to take advantage of the situation and made attempts to build user trust by offering laptops with Intel ME chip disabled. Yes, probably the chips can be disabled through a feature designed to leave the management engine inoperable on machines purchased by government bodies.

    Dell Laptops With Intel ME chip disabled
    The American PC manufacturer Dell is willing to disable the vulnerable Intel chip on selected machines if the user is willing to pay a $20 fee (spotted by a Reddit user).

    You can disable the chip on Dell’s New Latitude 14 Rugged Laptop. Visit the product page and choose “Intel vPro – ME Inoperable, custom order” which will increase the bill amount by $20.92.

    The other Dell machines include Latitude 15 E5570 laptop and Latitude 12 Rugged Tablet.

    Purism Laptops with Intel ME chip disabled
    Purism was probably the first company to announce that their Librem series laptops would come with the Management Engine disabled out of the box. For the Laptops released in the recent past, the company is providing the same via software update. It was a little bit difficult for Purism as their laptops run the open source firmware ‘coreboot’.

    You can find Librem13 and Librem 15 shipping with ME firmware disabled at this product page.

    System76 Laptop with Intel ME chip disabled
    Unlike Dell, System76 is offering to turn off the ME chip on all of their new machines. In a blog post, the company provides the list of all affected laptops.

    They have released an open source tool which can be used to disable ME chip on all of their laptops. Users can download the tool from this GitHub page."
     
    Dr. AMK, Starlight5 and inm8#2 like this.
  37. Dr. AMK

    Dr. AMK Living with Hope

  38. Vasudev

    Vasudev Notebook Nobel Laureate

    Yeah, not significant at all, because you will be forced to buy new and better CPUs with a security-first approach, which costs/adds 20% extra price.
    If they publicly say it's affected, everybody will switch to slower AMD CPUs which have near-zero risk.
     
    Last edited: Jan 7, 2018
    hmscott and Dr. AMK like this.
  39. Dr. AMK

    Dr. AMK Living with Hope

    Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

    If you think that the CPU updates that address this year's major security flaws—Meltdown and Spectre—are the only ones you are advised to grab immediately, there are a handful of other major security flaws that you should pay attention to.

    Microsoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office that had been actively exploited by several threat groups in the wild.

    Sixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework.


    The zero-day vulnerability (CVE-2018-0802), described by Microsoft as a memory corruption flaw in Office, has already been targeted in the wild by several threat actor groups in the past few months.

    The vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad.

    According to the company, this security flaw is related to CVE-2017-11882—a 17-year-old vulnerability in the Equation Editor functionality (EQNEDT32.EXE), which Microsoft addressed in November.

    When researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a blog post published by Check Point.

    Besides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office.

    A spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for Mac, which has been listed as publicly disclosed (Mailsploit attack), has also been addressed by the company. The vulnerability does not allow some versions of Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended.


    Microsoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid.

    "An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose," describes Microsoft. "This action disregards the Enhanced Key Usage taggings."

    The company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer.

    All these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet.

    Meanwhile, Adobe has patched a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild.

    Users are strongly advised to apply October security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers.

    For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
     
    hmscott and macmyc like this.
  40. macmyc

    macmyc Notebook Evangelist

    Still haven't received the updates for Meltdown and these new patches. Is there anything I can do before getting them from the catalog?
     
  41. Dr. AMK

    Dr. AMK Living with Hope

    For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.
     
  42. Starlight5

    Starlight5 Yes, I'm a cat. What else is there to say, really?

    Uninstall your antivirus, update Windows via Windows update, reinstall the antivirus.
     
  43. Dr. AMK

    Dr. AMK Living with Hope

    New Intel AMT Security Issue Lets Hackers Gain Full Control of Laptops in 30 Seconds

    It's been a terrible start to the new year for Intel.

    Researchers warn of a new attack which can be carried out in less than 30 seconds and potentially affects millions of laptops globally.

    As Intel was rushing to roll out patches for Meltdown and Spectre vulnerabilities, security researchers have discovered a new critical security flaw in Intel hardware that could allow hackers to access corporate laptops remotely.

    Finnish cyber security firm F-Secure reported unsafe and misleading default behaviour within Intel Active Management Technology (AMT) that could allow an attacker to bypass login processes and take complete control over a user's device in less than 30 seconds.

    AMT is a feature that comes with Intel-based chipsets to enhance the ability of IT administrators and managed service providers for better controlling their device fleets, allowing them to remotely manage and repair PCs, workstations, and servers in their organisation.


    The bug allows anyone with physical access to the affected laptop to bypass the need to enter login credentials—including user, BIOS and BitLocker passwords and TPM pin codes—enabling remote administration for post-exploitation.

    In general, setting a BIOS password prevents an unauthorised user from booting up the device or making changes to the boot-up process. But this is not the case here.

    The password doesn't prevent unauthorised access to the AMT BIOS extension, thus allowing attackers access to configure AMT and making remote exploitation possible.

    Although researchers have discovered some severe AMT vulnerabilities in the past, the recently discovered issue is of particular concern because it is:

    • easy to exploit without a single line of code,
    • affects most Intel corporate laptops, and
    • could enable attackers to gain remote access to the affected system for later exploitation.

    "The attack is almost deceptively simple to enact, but it has incredible destructive potential," said F-Secure senior security researcher Harry Sintonen, who discovered the issue in July last year. "In practice, it can give a local attacker complete control over an individual's work laptop, despite even the most extensive security measures."

    According to the researchers, the newly discovered bug has nothing to do with the Spectre and Meltdown vulnerabilities recently found in the microchips used in almost all PCs, laptops, smartphones and tablets today.

    Here's How to Exploit this AMT Issue


    To exploit this issue, all an attacker with physical access to a password (login and BIOS) protected machine needs to do is reboot or power-up the targeted PC and press CTRL-P during boot-up, as demonstrated by researchers at F-Secure in the above video.

    The attacker then can log into Intel Management Engine BIOS Extension (MEBx) with a default password.


    Here, the default password for MEBx is "admin," which most likely remains unchanged on most corporate laptops.

    Once logged in, the attacker can then change the default password and enable remote access, and even set AMT's user opt-in to "None."

    Now, since the attacker has backdoored the machine efficiently, he/she can access the system remotely by connecting to the same wireless or wired network as the victim.

    Although exploiting the issue requires physical access, Sintonen explained that the speed and time at which it can be carried out makes it easily exploitable, adding that even one minute of a distraction of a target from its laptop is enough to do the damage.

    "Attackers have identified and located a target they wish to exploit. They approach the target in a public place—an airport, a café or a hotel lobby—and engage in an 'evil maid' scenario," Sintonen says. "Essentially, one attacker distracts the mark, while the other briefly gains access to his or her laptop. The attack doesn't require a lot of time—the whole operation can take well under a minute to complete."

    Along with the CERT Coordination Center in the United States, F-Secure has notified Intel and all relevant device manufacturers about the security issue and urged them to address it urgently.

    Meanwhile, users and IT administrators in an organisation are recommended to change the default AMT password of their device to a strong one or disable AMT if this option is available, and never leave their laptop or PC unattended in a public place.
     
    Last edited: Jan 12, 2018
    Vasudev likes this.
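    The post's advice is to find machines with AMT enabled and change the MEBx password or disable AMT. The script below is an added inventory helper, not part of the thread or of F-Secure's work: it fetches the AMT web interface that a provisioned machine exposes on TCP 16992 on hosts you administer and reports the AMT version so those machines can be fixed. The sample HTTP responses are constructed, not real captures.

```python
"""Added example: find AMT-provisioned hosts on a fleet you administer
by checking for the AMT web interface (plain HTTP on TCP 16992), so the
MEBx password can be changed or AMT disabled as the post recommends."""
import re
import socket

# AMT serves a web UI on 16992 (HTTP) and 16993 (HTTPS; TLS not handled here).
AMT_HTTP_PORT = 16992
_SERVER_RE = re.compile(
    rb"^Server:\s*(Intel\(R\) Active Management Technology[^\r\n]*)", re.I | re.M)
_AUTH_RE = re.compile(rb"^WWW-Authenticate:\s*([^\r\n]*)", re.I | re.M)


def parse_amt_banner(raw: bytes) -> dict:
    """Classify a raw HTTP response: is it AMT, and which firmware version?"""
    m = _SERVER_RE.search(raw)
    if not m:
        return {"is_amt": False, "version": None, "auth": None}
    banner = m.group(1).decode(errors="replace")
    ver = re.search(r"(\d+(?:\.\d+)+)", banner)
    auth = _AUTH_RE.search(raw)
    return {"is_amt": True,
            "version": ver.group(1) if ver else None,
            "auth": auth.group(1).decode(errors="replace") if auth else None}


def probe_host(host: str, port: int = AMT_HTTP_PORT, timeout: float = 2.0) -> dict:
    """Request the AMT index page and classify the answer; no answer -> not AMT."""
    req = f"GET /index.htm HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(req)
            while len(b"".join(chunks)) < 65536:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
    except OSError:
        return {"is_amt": False, "version": None, "auth": None}
    return parse_amt_banner(b"".join(chunks))


# Constructed sample responses (not real captures) in the shape AMT's web UI returns.
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b"Server: Intel(R) Active Management Technology 11.8.50.3425\r\n"
    b'WWW-Authenticate: Digest realm="Digest:0123456789ABCDEF", nonce="abc", qop="auth"\r\n'
    b"Content-Length: 0\r\n\r\n")
SAMPLE_OTHER_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(parse_amt_banner(SAMPLE_AMT_RESPONSE))   # is_amt True, version 11.8.50.3425
    print(parse_amt_banner(SAMPLE_OTHER_RESPONSE))  # is_amt False
```

    A host that answers here is provisioned for remote management; in a fleet report, those are the ones to visit (change the MEBx password, or disable AMT where the option exists).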
  44. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    This has been known for years by corporations, and it is usually set just like the administrator BIOS lockout password. This isn't new.

    Most laptops aren't set up with this, it's limited to laptops destined for corporations, and they know about this - or should - if they don't it's an exceptional lapse, but then that corporation is likely missing other things too.

    It would look new to people that don't administer corporate laptops that need this remote access / control of their assets, but it has been this way for many years.

    The current security frenzy is such that things like this will make the news where normally someone would catch it and say "hey man, this isn't new" :)
     
  45. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,961
    Messages:
    2,182
    Likes Received:
    4,654
    Trophy Points:
    281
    I think you are right, the new thing is only that many people don't know about it, including me :).
     
    Vasudev and hmscott like this.
  46. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    7,110
    Messages:
    20,384
    Likes Received:
    25,139
    Trophy Points:
    931
    Vasudev and Dr. AMK like this.
  47. TANWare

    TANWare Just This Side of Senile, I think. Super Moderator

    Reputations:
    2,548
    Messages:
    9,585
    Likes Received:
    4,997
    Trophy Points:
    431
    The use of a BIOS to lock out authorized users is well known. This can happen with ANY system not already secured.
     
    Vasudev, hmscott and Dr. AMK like this.
  48. Spartan@HIDevolution

    Spartan@HIDevolution Company Representative

    Reputations:
    39,579
    Messages:
    23,560
    Likes Received:
    36,854
    Trophy Points:
    931
  49. Papusan

    Papusan Jokebook's Sucks! Dont waste your $$$ on Filthy

    Reputations:
    42,701
    Messages:
    29,840
    Likes Received:
    59,615
    Trophy Points:
    931
    KY_BULLET, Vasudev and Dr. AMK like this.
  50. Dr. AMK

    Dr. AMK Living with Hope

    Reputations:
    3,961
    Messages:
    2,182
    Likes Received:
    4,654
    Trophy Points:
    281
    Last edited: Jan 23, 2018
    Papusan and Vasudev like this.