Probleme de securitate la procesoarele Intel
|Ieri, 20 noiembrie, a fost transmisa o informare prin care suntem avertizati ca exista o vulnerabilitate ce tine de ME (Intel Management Engine) la procesoarele Intel din ultimile generatii. Daca se exploateaza aceasta vulnerabilitate se poate prelua controlul echipamentului targetat. Se pare ca mai multi experti pe partea de securitate au transmis informatii referitoare la aceste probleme celor de la Intel dar pana acuma nu a fost nimic postat oficial.
Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
This includes scenarios where a successful attacker could:
Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
Load and execute arbitrary code outside the visibility of the user and operating system.
Cause a system crash or system instability.
Procesoarele afectate sunt:
6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors
Versiunile de firmware afectate sunt:
Intel® Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x
Intel Manageability Engine Firmware 8.x/9.x/10.x*
Server Platform Service 4.0.x.x
Intel Trusted Execution Engine 3.0.x.x
Pentru verificarea sistemului cei de la Intel au creat si un tool de detectie. Il puteti downloada de aici – http://www.intel.com/sa-00086-support. Pentru patch-uri si update de firmare se pot consulta informatiile de aici – https://www.intel.com/content/www/us/en/support/articles/000025619/software.html. Pagina de suport este si va fi updatata in timp real cu cele mai noi link-uri de informare si download pentru rezolvarea problemei.
Sfatul meu de incheiere este sa faceti o verificare folosind tool-ul de la ei.
Be clean and be safe! 😉
sursa: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr