Intel just forgot to review the security of their firmware

by Volker Weber

Sketch

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted

More >

Comments

Which of the Cs applies here?
- collusion
- conspiracy
- inCompetence

[insert name I fogot]'s razor: never presume malice where incompetence suffices to explain

Stephan H. Wissel, 2017-11-21

They also forgot to review the grammar of their security tool interface: "is considered vulnerable for (sic)"

Perhaps to be expected when one sees this sort of gibberish: "The INTEL-SA-00086 Detection Tool will assist with detection of the security vulnerability". Surely the tool's purpose is to perform the detection, rather than assist with the detection?

Occam's Razor points to the third 'C'.

David Richardson, 2017-11-21

... has performed an in-depth comprehensive security review of ...

A "little" bit too late, this review. This must be done before putting bazillion systems into danger...

Harald Reisinger, 2017-11-21

In this case, it isn't Occam's Razor, but Hanlon's Razor. Thanks for the heads-up, I just patched my P50.

Joerg Michael, 2017-11-22

btw. I was able to update my Thinkpad X240.

Samuel Orsenne, 2017-11-26

Recent comments

Sven Bühler on Die Größe macht den Unterschied at 22:44
Bill Greenberg on Four Apple Watch generations at 22:09
Felix Binsack on Die Größe macht den Unterschied at 21:31
Volker Weber on Die Größe macht den Unterschied at 21:27
Felix Binsack on Die Größe macht den Unterschied at 20:56
Samuel Orsenne on iPhone Xs camera is very impressive at 20:13
Volker Weber on iPhone Xs camera is very impressive at 19:49
Matthias Welling on iPhone Xs camera is very impressive at 19:14
Michael Spehr on iPhone Xs camera is very impressive at 18:54
Stephan H. Wissel on Apple Watch 4 is a proper phone at 18:01
Felix Binsack on Apple Watch 4 is a proper phone at 17:03
Stephan H. Wissel on Apple Watch 4 is a proper phone at 11:17
Johannes Matzke on Die Größe macht den Unterschied at 10:29
Volker Weber on Die Größe macht den Unterschied at 10:20
Johannes Matzke on Die Größe macht den Unterschied at 10:03
Alexander Hüls on Und der Gewinner ist ... at 18:09
Adalbert Duda on Und der Gewinner ist ... at 09:31
Martin Cygan on Jede Menge neue Amazon Echos at 00:50
Christoph-Alexander Dettmann on WIWE: So sieht ein schlechtes EKG aus at 16:37
Volker Weber on WIWE: So sieht ein schlechtes EKG aus at 14:18
Christoph-Alexander Dettmann on WIWE: So sieht ein schlechtes EKG aus at 14:00
Johannes Matzke on WIWE: So sieht ein schlechtes EKG aus at 13:46
Hubert Stettner on Erhöhte Sicherheit bei neuem iPhone und neuer Apple Watch at 12:19
Martin Kautz on Und der Gewinner ist ... at 10:10
Thomas Cloer on Und der Gewinner ist ... at 09:51

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 06:51

visitors.gif

buy me coffee