# PC vendors scramble as Intel announces vulnerability in firm



## Johnny b (Nov 7, 2016)

Dated Nov 22, 2017

* PC vendors scramble as Intel announces vulnerability in firmware *

https://arstechnica.com/information...d-vulnerability-in-pc-server-device-firmware/



> Intel has issued a security alert that management firmware on a number of recent PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack.


https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr (revised Dec 22,2017 )


----------



## texasbullet (Jun 11, 2014)

You may want to watch this video for more details.


----------



## Johnny b (Nov 7, 2016)

The particular news article I posted is about firmware in Intel's Management Engine ( including AMT ), Server Platform Services, and TXE, not the memory leak in the kernel.



> Four vulnerabilities were discovered that affect Intel Management Engine firmware versions 11.0 through 11.20. Two were found in earlier versions of ME, as well as two in Server Platform Services version 4.0 firmware and two in TXE version 3.0.


Addressing the memory leak, Holzman's logic is flawed. The new memory leak issue is ~10 years old, the exploits are recent coming after discovery of the chip flaw.
Benchmarks are already showing a 5 to 30 % impact after software patch.
Depends upon usage from what I'm reading.

His details apply to those running around with their 'hair on fire'. 
But those that ignore the gravity of the situation are those most likely to suffer from it, too.

IMO, his post is as much click bait as those that exaggerate the problem.


----------



## texasbullet (Jun 11, 2014)

Here is another update video on this issue.


----------



## Johnny b (Nov 7, 2016)

Interesting.

Another TSG member posted a query where Homeland Security also confused the two vulnerabilities, associating the Intel Management Engine fix with the kernel memory fix.

Kernel leakage isn't associated with the IME as that video implies.


IMO, that video should be ignored.


----------



## texasbullet (Jun 11, 2014)

Updated video tutorial.


----------



## Johnny b (Nov 7, 2016)

Interesting...but....that video doesn't apply to the topic of the news article I posted .


----------



## Johnny b (Nov 7, 2016)

Johnny-be-Good said:


> .....
> Addressing the memory leak......... .......... the exploits are recent coming after discovery of the chip flaw.
> ........


Correcting my previous statement about the kernel memory leak issue.......there aren't any known exploits at play in the wild at this time.


----------



## Jack1000 (Feb 4, 2001)

Johnny-be-Good said:


> Interesting...but....that video doesn't apply to the topic of the news article I posted .


Thanks,

My understanding is that the fixes for the Intel chip bugs are only precautionary measures at this time?

Jack


----------



## Coco767 (Jul 31, 2015)

Um... not sure. Maybe not precautionary measures? Maybe trying to cover it up so people forget about it?


----------



## Johnny b (Nov 7, 2016)

Jack1000 said:


> Thanks,
> 
> My understanding is that the fixes for the Intel chip bugs are only precautionary measures at this time?
> 
> Jack


The storm cometh.

Doesn't mean to wait until it rains to seek shelter


----------



## Johnny b (Nov 7, 2016)

Coco767 said:


> Um... not sure. Maybe not precautionary measures? Maybe trying to cover it up so people forget about it?


I doubt many will forget.
This affects not only our personal computers, it affects world governments, all banking and commerce world wide and all mobile devices along with many if not most ioT s.

It's not our operating system software at fault, it's the cpus that were intentionally engineered to do something that turned out to be unsafe.


----------



## managed (May 24, 2003)

I'm ready, I bought a hammer.


----------



## flavallee (May 12, 2002)

Dell posted a BIOS update for my Intel 4th generation Dell PC's, and Microsoft posted a KB update for Windows 7 64-bit, so hopefully I'm good now. 

--------------------------------------------------------------


----------



## Jack1000 (Feb 4, 2001)

Any problems installing the update on Windows 7 or Windows 8.1 machines?

Jack


----------



## Johnny b (Nov 7, 2016)

Nothing obvious there that addresses Intel's Management Engine.


----------

