Intel patches remote execution that dates back to 2008

Same as the thread title... Intel patches remote execution that dates back to 2008

"The programming blunder can only be fully addressed with a firmware-level update, and it is present in millions of chips. It is effectively a backdoor into computers all over the world."

 

I always had some bad vibe with Intel MEI, now it seems my intuition was correct. Currently I hope Dell issues a patch.

 

Same here. If my systems have vPro either absent or disabled, does it mean that they're safe?

 

You might be safe, but there might be some ports open used for remote analysis of PC. Dunno what to do now?

 

The dangers of secret proprietary firmware exposed yet again.

I especially like how the onus is on OEMs to provide firmware patches. I don't see Clevo testing and releasing ME firmware updates on my EM series lappys I have...

 

Oh boy. Chances everyone pushes an update? I'm guessing fairly low.

 

I can't event find out a good way to tell if a system has vpro yet. It is supposedly for use as an administrotion tool so more likely on buisness hardware.

Intel has some guides but they list 4 methods and they say that you may have to try all 4. I get the feeling that they are not that reliable.

 

You're welcome Processors with Intel VproTechnology

 

Thanks for posting that.

 

Software from Intel posted from @_sem_ https://downloadcenter.intel.com/download/26755

 

This is not so clear.
My XPS 15 9550 tested "VULNERABLE" with Intel SA-00075 diagnostic tool.
Although the i7-6700hq doesn't have vPro.
It does have the ME (as any Intel processor since about 2008).
Intel(R) Management and Security Application Local Management Service (in charge of interfacing with the ME) is running, and the version number is not among "resolved". ME itself is programmed by BIOS updates afaik.
There are certain related remote admin facilities in BIOS, but I haven't enabled them.
Dell like Intel claims only systems with "pro" features are affected. Not sure if this is concerning remote hackability only.
Local hackability (assuming first infection by other means) would be bad enough, because it would not be detectable / curable by antivirus.

 

My TPY 260 with i5-6200u reports as non-vulnerable. MEI is disabled in BIOS.

 

M4800 with i7-4800MQ reports not vulnerable (ME not provisioned).

 

Download Disable Intel AMT

"Disable Intel AMT is a portable batch file to turn off a known Intel Active Management Technology (AMT) vulnerability with many Intel chipsets in Windows."

 

Link's broken already? I think there's an official version inbound though.

 

Major Geeks have probably had some problems... @hmscott
Try again Disable Intel AMT

 

Works now thanks.

 

Just for grins you might enable it and retest

I think most laptops have IMEI disabled by default, so even if you test non-vulnerable now you might be vulnerable with IMEI enabled in the BIOS later.

 

@hmscott I'd try, but it turns out there is no such option... it seems I confused it with some other machine, probably X220 tablet which I owned before - that one comes with AMT and an option to disable it through BIOS. I still have access to one of those, will check it and post here.

 

@hmscott I tried on Thinkpad X220 Tablet with AMT disabled in BIOS, yet it is still reported as vulnerable by Intel software. I ran Disable Intel AMT linked by @Papusan , hope it helps.