Intel just forgot to review the security of their firmware

by Volker Weber

Sketch

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted

More >

Comments

Which of the Cs applies here?
- collusion
- conspiracy
- inCompetence

[insert name I fogot]'s razor: never presume malice where incompetence suffices to explain

Stephan H. Wissel, 2017-11-21

They also forgot to review the grammar of their security tool interface: "is considered vulnerable for (sic)"

Perhaps to be expected when one sees this sort of gibberish: "The INTEL-SA-00086 Detection Tool will assist with detection of the security vulnerability". Surely the tool's purpose is to perform the detection, rather than assist with the detection?

Occam's Razor points to the third 'C'.

David Richardson, 2017-11-21

... has performed an in-depth comprehensive security review of ...

A "little" bit too late, this review. This must be done before putting bazillion systems into danger...

Harald Reisinger, 2017-11-21

In this case, it isn't Occam's Razor, but Hanlon's Razor. Thanks for the heads-up, I just patched my P50.

Joerg Michael, 2017-11-22

btw. I was able to update my Thinkpad X240.

Samuel Orsenne, 2017-11-26

Recent comments

Patric Stiffel on Soyuz-Flug zur ISS und zurück at 18:35
Volker Gronau on AP Steering in der nächsten Fritz-Software at 17:45
Axel Koerv on AP Steering in der nächsten Fritz-Software at 16:33
Volker Weber on Kleines Update zu ginlo at 12:45
Marco Siedler on Kleines Update zu ginlo at 12:43
Stephan Perthes on Soyuz-Flug zur ISS und zurück at 11:45
Bill Buchan on Ein kleines persönliches Update at 10:05
Oliver Regelmann on Is Watson Workspace dead or only resting? at 09:02
Oliver Barner on Unfallfolgen :: Ab jetzt geht es bergauf at 09:01
Henning Kunz on Ein kleines persönliches Update at 08:59
Christian Tillmanns on Soyuz-Flug zur ISS und zurück at 08:41
Richard Schwartz on Huntress at 04:10
John Keys on ginlo auf Android at 22:54
Amy Blumenfield on Unfallfolgen :: Ab jetzt geht es bergauf at 20:55
Stephan Perthes on Last-Minute-Geschenk :: udoq-Qi-Lader at 19:51
Johannes Koch on Words to live by at 19:29
Volker Weber on ginlo auf Android at 18:45
Wolfgang Kulhanek on ginlo auf Android at 18:40
Sami Bahri on ginlo auf Android at 17:45
Volker Weber on Words to live by at 17:23
Jens Nullmeyer on Words to live by at 17:17
Volker Weber on Soyuz-Flug zur ISS und zurück at 17:14
Maik Endler on Soyuz-Flug zur ISS und zurück at 15:31
Pavel Zheltobryukhov on Soyuz-Flug zur ISS und zurück at 14:30
Lars Berntrop-Bos on ginlo auf Android at 13:53

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 18:38

visitors.gif

buy me coffee