Intel just forgot to review the security of their firmware

by Volker Weber

Sketch

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted

More >

Comments

Which of the Cs applies here?
- collusion
- conspiracy
- inCompetence

[insert name I fogot]'s razor: never presume malice where incompetence suffices to explain

Stephan H. Wissel, 2017-11-21 14:14

They also forgot to review the grammar of their security tool interface: "is considered vulnerable for (sic)"

Perhaps to be expected when one sees this sort of gibberish: "The INTEL-SA-00086 Detection Tool will assist with detection of the security vulnerability". Surely the tool's purpose is to perform the detection, rather than assist with the detection?

Occam's Razor points to the third 'C'.

David Richardson, 2017-11-21 17:41

... has performed an in-depth comprehensive security review of ...

A "little" bit too late, this review. This must be done before putting bazillion systems into danger...

Harald Reisinger, 2017-11-21 18:02

In this case, it isn't Occam's Razor, but Hanlon's Razor. Thanks for the heads-up, I just patched my P50.

Joerg Michael, 2017-11-22 10:31

btw. I was able to update my Thinkpad X240.

Samuel Orsenne, 2017-11-26 17:03

Recent comments

Dominique Roller on HomePod kaufen? at 13:27
Markus Dierker on HomePod kaufen? at 13:20
Martin Kautz on Computer Kid at 12:09
Volker Weber on Neues Ziel: 100k #dontbreakthechain at 11:31
Karl Heindel on Neues Ziel: 100k #dontbreakthechain at 10:48
Michael Schneider on Neues Ziel: 100k #dontbreakthechain at 10:27
Axel Koerv on Neues Ziel: 100k #dontbreakthechain at 09:27
Bernd Hofmann on Neues Ziel: 100k #dontbreakthechain at 07:42
Volker Weber on Three essentials at 20:58
Stephan Perthes on Three essentials at 15:25
Volker Weber on Die neue Cebit at 13:07
Volker Weber on Sonos, AirPods, Plantronics. Und Podcasts. at 12:56
Bernhard Kockoth on Die neue Cebit at 12:27
Christian Hirth on Sonos, AirPods, Plantronics. Und Podcasts. at 11:16
Volker Weber on Sonos, AirPods, Plantronics. Und Podcasts. at 10:35
Christian Hirth on Sonos, AirPods, Plantronics. Und Podcasts. at 09:40
Axel Koerv on Sonos, AirPods, Plantronics. Und Podcasts. at 20:34
Bernd Hofmann on Sonos, AirPods, Plantronics. Und Podcasts. at 15:47
Sabine Weber on Sonos, AirPods, Plantronics. Und Podcasts. at 15:45
Hans Bornich on Let's talk about USB-C and Apple at 11:38
Kristian Raue on Die neue Cebit at 10:28
Karsten Lehmann on Three essentials at 23:57
Volker Weber on Three essentials at 22:42
Declan Lynch on Three essentials at 21:36
Axel Borschbach on Three essentials at 20:30

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter amazon

Local time is 19:26

visitors.gif

buy me coffee