Intel just forgot to review the security of their firmware

by Volker Weber

Sketch

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted

More >

Comments

Which of the Cs applies here?
- collusion
- conspiracy
- inCompetence

[insert name I fogot]'s razor: never presume malice where incompetence suffices to explain

Stephan H. Wissel, 2017-11-21 14:14

They also forgot to review the grammar of their security tool interface: "is considered vulnerable for (sic)"

Perhaps to be expected when one sees this sort of gibberish: "The INTEL-SA-00086 Detection Tool will assist with detection of the security vulnerability". Surely the tool's purpose is to perform the detection, rather than assist with the detection?

Occam's Razor points to the third 'C'.

David Richardson, 2017-11-21 17:41

... has performed an in-depth comprehensive security review of ...

A "little" bit too late, this review. This must be done before putting bazillion systems into danger...

Harald Reisinger, 2017-11-21 18:02

In this case, it isn't Occam's Razor, but Hanlon's Razor. Thanks for the heads-up, I just patched my P50.

Joerg Michael, 2017-11-22 10:31

btw. I was able to update my Thinkpad X240.

Samuel Orsenne, 2017-11-26 17:03

Post a comment

Store next two fields in a cookie for you?




Use your full name and a working email address. Unless you want your comment to be removed. No kidding.

Recent comments

Moritz Petersen on Nokia Body Plus :: Meine Waage at 18:20
Tobias Hauser on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 17:24
Scott Hanson on Nokia Body Plus :: Meine Waage at 16:49
Jochen Kattoll on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 14:42
Jochen Kattoll on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 14:38
Volker Weber on Nokia Body Plus :: Meine Waage at 12:59
Nils Michael Becker on Nokia Body Plus :: Meine Waage at 12:57
Volker Weber on Nokia Body Plus :: Meine Waage at 12:44
Nils Michael Becker on Nokia Body Plus :: Meine Waage at 12:09
Abdelkader Boui on Nokia Body Plus :: Meine Waage at 12:03
Volker Weber on Nokia Body Plus :: Meine Waage at 11:48
Volker Weber on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 11:47
Martin Kirchler on Nokia Body Plus :: Meine Waage at 11:44
Volker Weber on Nokia Body Plus :: Meine Waage at 11:42
Axel Seifried on Nokia Body Plus :: Meine Waage at 11:39
Peter Daum on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 00:31
Volker Weber on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 21:54
Peter Daum on Kleine Unterschiede zwischen Surface Pro und Surface Pro 4 at 21:44
Volker Weber on Weniger als 50 Euro :: Office 365 Home für 5 Nutzer at 14:17
Sabine Weber on From my inbox at 13:41
Marcus Kuba on Weniger als 50 Euro :: Office 365 Home für 5 Nutzer at 13:40
Heiko Wolf on Huawei Mate 10 Pro gets November Update at 12:06
Hubert Stettner on Huawei Mate 10 Pro gets November Update at 11:57
Armin Grewe on Turbolader + Schlitzohr at 11:45
Volker Weber on Huawei Mate 10 Pro gets November Update at 09:58

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter

Local time is 18:47

visitors.gif