Microsoft finds bug in Intel ME
fudzilla.com | 09 June 2017 | Nick Farrell
Posted on 06/10/2017 10:26:29 AM PDT by Ernest_at_the_Beach
There is even malware exploiting it
Microsoft's security team has come across a malware family that uses Intel's Active Management Technology (AMT) Serial-over-LAN (SOL) interface as a file transfer tool.
Intel's AMT SOL is part of Intel's ME, a separate chip inside Intel CPUs that runs its own OS and stays on even when the main CPU is off. This makes it a rather good place for malware to hit.
Inside Intel's ME, AMT SOL opens a virtual network interface which works even when the PC is turned off. This virtual network interface runs inside ME; firewalls and security products installed on the main OS won't detect malware using AMT SOL to exfiltrate data.
Apparently the code was not penned by script kiddies. It has all the fingerprints of a nation state cyber-espionage unit codenamed PLATINUM. The group has been active since 2009, and has targeted countries around the South China Sea.
PLATINUM is by far one of the most sophisticated hacking groups ever discovered. Last year Microsoft said the group was installing malware by abusing hotpatching, a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer.
TOPICS: Business/Economy; Computers/Internet
KEYWORDS: amtsol; hitech; intel; intelcpu; intelme; malware
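Since SOL traffic never passes through the host's network stack, it has to be looked for on the wire. The following is an added example, not code from the article or from Microsoft: it flags flows to Intel AMT's redirection ports (16994 and 16995, which carry SOL) whose source is outside an approved management range. The flow-record layout, addresses, allowlist and byte threshold are constructed assumptions.

```python
import csv
import io
import ipaddress

# Intel AMT redirection ports (SOL and IDE-R use these): 16994 TCP, 16995 TLS.
AMT_REDIRECT_PORTS = {16994, 16995}

# Assumption: the only subnet allowed to open AMT sessions (constructed).
MGMT_ALLOWLIST = [ipaddress.ip_network("10.0.50.0/28")]

# Constructed flow records, as a switch, tap or flow collector might export them.
SAMPLE_FLOWS = """\
ts,src,dst,dport,bytes_out,bytes_in
2017-06-10T10:00:01,10.0.50.4,10.0.20.17,16994,1200,900
2017-06-10T10:02:13,10.0.20.31,10.0.20.17,16995,48000,5200000
2017-06-10T10:03:40,10.0.20.31,10.0.20.44,443,800,15000
2017-06-10T10:05:02,10.0.20.17,10.0.20.31,16994,300,250
"""

def is_management(ip):
    """True if ip belongs to an approved management subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in MGMT_ALLOWLIST)

def find_unexpected_sol(flow_csv, bulk_bytes=1_000_000):
    """Return flows to AMT redirection ports from non-management sources.

    'bulk' marks sessions large enough to look like file transfer rather
    than an interactive serial console (threshold is an assumption).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(flow_csv)):
        dport = int(row["dport"])
        if dport not in AMT_REDIRECT_PORTS or is_management(row["src"]):
            continue
        total = int(row["bytes_out"]) + int(row["bytes_in"])
        findings.append({"ts": row["ts"], "src": row["src"],
                         "dst": row["dst"], "dport": dport,
                         "bulk": total >= bulk_bytes})
    return findings

if __name__ == "__main__":
    for finding in find_unexpected_sol(SAMPLE_FLOWS):
        print(finding)
```

The records must come from network equipment rather than from an agent on the endpoint, for the reason the article gives.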
To: TheZMan
If one has to manage 5,000 physical servers hosting 30,000 virtual machines, this technology is of great value.
21 posted on 06/10/2017 5:32:43 PM PDT by Mariner (War Criminal #18)
To: publius911; COUNTrecount; Nowhere Man; FightThePower!; C. Edmund Wright; jacob allen; ...

At no point in history has any government ever wanted its people to be defenseless for any good reason ~ nully's son
The biggest killer of mankind
Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...

22 posted on 06/10/2017 5:59:29 PM PDT by null and void ( The Flat Earth Society claims they have members all around the globe!)
To: null and void
23 posted on 06/10/2017 6:34:39 PM PDT by Nifster (I see puppy dogs in the cloudsl)
To: TheZMan; Pontiac
It either was programmed to do it, or it came up with it all on its own. The choice is binary.
24 posted on 06/10/2017 6:35:01 PM PDT by Delta 21
To: null and void
What's the latest flavor of Ubuntu? There are one or 2 that make it real tempting to jump and dump all the MSCrap.
I am ready.
25 posted on 06/10/2017 6:43:23 PM PDT by Delta 21
To: Delta 21
The latest Win10 updates that came in salvos towards the end have everything all screwed up again. There is no use learning Windows workarounds just to make my machine run.
I’ll have the 2TB backup done tomorrow, then it's me in Sheldon Cooper mode until I am interwebing via non-Windows.
26 posted on 06/10/2017 6:51:04 PM PDT by Delta 21
To: Delta 21
What's the latest flavor of Ubuntu? There are one or 2 that make it real tempting to jump and dump all the MSCrap. I am ready.
I suggest that you also consider Linux Mint. I have installed Mint "Mate" 17.3 on most of my computers. It is not the latest version, but it is extremely lean and reliable.
27 posted on 06/10/2017 8:25:10 PM PDT by TexasRepublic (Socialism is the gospel of envy and the religion of thieves. Socialism is governmental theft!)
To: TheZMan; Ernest_at_the_Beach; StormEye; Delta 21
Just like MS makes OSs that do 1000 times more than an OS should do, Intel is making chips that do more than a chip is supposed to do. Why the hell is the CPU doing what this article describes in the first place?
From Intel's website:
Intel® Active Management Technology (Intel® AMT) is a feature of Intel® Core processors with Intel® vPro technology and workstation platforms based on select Intel® Xeon® processors. Intel® AMT uses integrated platform capabilities and popular third-party management and security applications, to allow IT or managed service providers to better discover, repair, and help protect their networked computing assets. Intel® AMT also saves time with remote maintenance and wireless manageability for your mobile workforce, and secure drive wiping to simplify PC lifecycle transitions.
It is used by corporate IT groups to automate cyber security and make PC updates.
So a device that was intended to help protect computers ends up being the ultimate hacker tool.
28 posted on 06/11/2017 3:17:23 AM PDT by Pontiac (The welfare state must fail because it is contrary to human nature and diminishes the human spirit.L)
To: Ernest_at_the_Beach
the group was installing malware by abusing hotpatching, a mechanism that allows Microsoft to issue updates that tap into active processes and upgrade applications or the operating system without having to reboot the computer
I've said time and again we don't know what's being uploaded into our computers with all those updates and that's how they're spying on us.
29 posted on 06/11/2017 4:45:47 AM PDT by bgill (CDC site, "We don't know how people are infected with Ebola.")
To: Pontiac
Except for the batteries that keep things going when unplugged. It’s like a cell phone where the off button doesn’t really shut everything down.
31 posted on 06/11/2017 4:48:18 AM PDT by bgill (CDC site, "We don't know how people are infected with Ebola.")
To: null and void; Abby4116; afraidfortherepublic; aft_lizard; AF_Blue; amigatec; AppyPappy; ...
Of interest to Windows and other Intel CPU users ... PING!
You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".
Thanks to null and void for the "Nut-job Conspiracy Theory Ping" that brought this to my attention!!
32 posted on 06/11/2017 9:41:07 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: null and void
That pic of the lady and the sea never gets old! A picture worth a thousand words. Thank you.
33 posted on 06/11/2017 12:42:42 PM PDT by The Westerner (Protect the most vulnerable: get the government out of medicine and education!)
To: Ernest_at_the_Beach
This is FUD. This was announced back in April and deals specifically with Intel's vPro technology used by many enterprises. This technology is not common in retail processors.
34 posted on 06/11/2017 3:52:37 PM PDT by rarestia (Repeal the 17th Amendment and ratify Article the First to give the power back to the people!)
To: Pontiac
.
Or turn off the switch on the back of the case, on the power supply.
.
35 posted on 06/11/2017 4:23:04 PM PDT by editor-surveyor (Freepers: Not as smart as I'd hoped they'd be)
To: Pontiac
My son told me never turn the computer off without disconnecting it from the LAN.
36 posted on 06/11/2017 4:34:30 PM PDT by Excellence (Marine mom since April 11, 2014)