Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!



Results 1 to 2 of 2
Like Tree2Likes
  • 2 Post By Tulim

Thread: Intel confirms remote code execution hole in all Intel CPUs since 2008

  1. 05-02-2017 #1
    Tulim
    Guest Tulim's Avatar

    Intel confirms remote code execution hole in all Intel CPUs since 2008

    According to security researchers, media, and now Intel themselves, a security hole allowing remote code execution (RCE) has been present in Intel CPUs since 2008. The exploit was usable on Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability (SM). Those are present in most every computer with an Intel CPU from the last ten years, and allowed for remote execution of code on the CPU. Charlie Demerjian at SemiAccurate first reported the news earlier today:

    “The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware.”
    Intel confirms escalation of privilege vulnerability


    SemiAccurate has known about the exploit for over five years before releasing the news earlier today. SemiAccurate, along with many others such as Richard Stallman, have been warning that something like this could happen and likely had happened already. Today, May 1st, 2017, we have confirmation.

    The issue was confirmed with a security advisory later in the day while thanking Maksim Malyutin from Embedi. They have released a firmware fix and it will be distributed asap. The CPU maker admitted that the vulnerability allowed for “an unprivileged attacker to gain control of the manageability features provided by these products.” The manageability features allow all sorts of shenanigans. Intel confirmed to SemiAccurate that AMT can be used to “bare metal image a dead machine over a cellular connection.” Needless to say, if they can do that – they can do anything.

    The security advisory also states that this vulnerability did not/does not exist on consumer PCs, only non-consumer PCs. In the public eye, the veracity of this claim has not been proven. If your computer doesn’t have VPro, then it doesn’t have AMT and isn’t vulnerable. It’s also worth noting that Apple Macs do not use Intel AMT, and thus were not vulnerable.



    [Privacy News Online]
    jimmy7 and ciganus like this.
    Reply With Quote Reply With Quote
  2. 05-03-2017 #2
    ciganusDonor Icon
    ciganus is offline
    Donor
    ciganus's Avatar
    Reputation Points
    17410
    Reputation Power
    100
    Join Date
    May 2014
    Posts
    111
    Time Online
    6 d 3 h 41 m
    Avg. Time Online
    2 m
    Mentioned
    12 Post(s)
    Quoted
    17 Post(s)
    Liked
    40 times
    Feedbacks
    0
    since 2008? No biggie!
    Same as Yahoo....
    Reply With Quote Reply With Quote

« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

All times are GMT +1. The time now is 10:58 AM.
Powered by vBulletin® Version 4.2.2
Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.