Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

The Register ^ | Nov 20, 2017 | Thomas Claburn

[Dalberg-Acton]

That’s a service Microsoft provides in every version of Windows.

[hsmomx3]

Thanks!!

[SunkenCiv]

Oopsie. Thanks dayglored.

[Regulator]

Color me un-shocked

[TChad]

From Intel:

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

The linked page contains links to some computer manufacturers, giving their recommended responses to this mess. There is also a link to a detection tool.

[rdl6989]

I always thought it was planned obsolescence to get you to buy a new computer.

[conservatism_IS_compassion]

The processor chipsets affected by the flaws are as follows:

• 6th, 7th and 8th Generation Intel Core processors

Sent this to my SA and he came right back and said that he had already patched two of my systems. The rest are too old to be vulnerable.

I have an Intel Core i5 so I guess my mac resembles that remark . . .

[Swordmaker]

6th, 7th and 8th Generation Intel Core processors

Sent this to my SA and he came right back and said that he had already patched two of my systems. The rest are too old to be vulnerable.

Any Mac made in 2015 and after would have at least a 6th generation Intel processor in it. Those are the ones that are vulnerable to this issue.

[grey_whiskers]

How many of these COTS chips (no doubt thoughtfully built in China) are in our military hardware? Wonder what’ll happen wwhen we go to defend Taiwan with our carriers and the Aegis cruisers all shut down?

[TChris]

Don't know if they're entirely clean either, but I've used AMD processors since the 90's.

Much better value.

[The Westerner]

Seriously? Just when I purchased a 2017 Macbook because XP was too vulnerable! Where’s my Selectric 2?

[Swordmaker]

Seriously? Just when I purchased a 2017 Macbook because XP was too vulnerable! Where’s my Selectric 2?

At this point the Apple Mac is NOT on the Intel list of vulnerable computers. . . so perhaps not. Apple does not use the same management tools that PCs do, so perhaps there is not the same exposure.

[The Westerner]

If you find out, ping the list. But really, at this point with hackers and all our data exposed time and again, security is so last year!

[goodnesswins]

So, could you give non techies here hints on doing that?

[MayflowerMadam]

A tech guy on Fox mentioned 2015 as the year to be aware of. I’d like to know where the cutoff is — a date during 2015 or just after 2015.

[TXnMA]

As a developer, that sounds to me like a memory management issue -- failure to clear and dispose of (release for future use) memory immediately when your app is done with it. Microsoft and its developers have never done well at employing and enforcing that discipline. (Check your "memory in use" with nothing but the OS running...)

Being rigorous with memory management is boring and repetitive -- and "bloats" my code by ~20% -- but, it's worth it...

But, because I learned coding on an original Apple][ and Tandy's "Trash-80" -- where every byte of their minuscule memory was precious -- I must admit to being a fanatic about "tight" code and runtime memory management, as well as rigorously "cleaning house" before my app shuts down. YMMV...'-)

[TXnMA]

So — the most any of us on your pinglist can do is wait for Intel (and Apple) to implement fixes — if it can even be done outside Intel’s silicon?

[Swordmaker]

As a developer, that sounds to me like a memory management issue -- failure to clear and dispose of (release for future use) memory immediately when your app is done with it. Microsoft and its developers have never done well at employing and enforcing that discipline. (Check your "memory in use" with nothing but the OS running...)

The hidden independent processor has very little to do with memory management for the app processor or even the system housekeeping routines that run at root. It appears to be a processor that allows complete access to the computer without an OS even having been booted, or even being installed for that matter, so a remote manager can access the machine to repair or even installing a new OS remotely, regardless of whether or not a system has ever been installed or not.

That being said, this hidden independent processor IS built in to the Intel processor itself and is dependent on other computer system logic board and peripherals to be accessed, i.e. just existing on the Intel processor is, in and of itself not a risk. The Logicboard and peripherals chosen must permit the external access before there is any risk of outside vulnerability to the computer.

I was looking at the list of hardware manufacturers who use these processors that Intel itself had listed as vulnerable and noticed a blatant Intel chip user that was absent from that list: Apple. Although Apple Macs can run Windows and Linux, Apple's hardware does not use BIOS as part of their normal startup procedure, instead it runs an Extensible Firmware Interface (EFI) which may not support the Management Engine access in the Intel processor, or which has the ME switched off by default.

[TXnMA]

SM, I wasn't addressing the thread's vulnerability problem, about which I know very little. Rather, I was addressing RinaseaofDs:

"Maybe they can fix the deprecation routine that slows the PC down gradually over time until it simply fails to run anymore.I never understood why a perfectly good computer running a limited number of application gradually slows to the point of unusability."

Frankly, I talked about apps -- rather than come right out and say that Apple's coding discipline enforces memory cleanup far more rigorously than Microsoft's does -- or, ever has -- including at the system level...

Maintaining runtime memory cleanup coding discipline is a PITA, but it pays off in long-term satisfaction. Example: my MBP runs for months without ever being shut down -- without any perceivable performance hit...

[The Westerner]

I can't speak to system slowing re: Apple products. What I found most memorable when I started up my first Mac laptop @8 years ago was the speed of loading its programs compared to any Microsoft system. It was then that I understood what Steve Jobs was all about. Next was the elegant, simple user interface. My favorite product and most used is/was my iPad1. On that version, the Settings are all on one screen where the average person can understand where to go. Now, on iPhones and iPads, the simplicity has been lost. Steve Jobs looked through the eyes of a neophyte and the artist when designing products. Sadly, no one is there to take his place.