Deleted member 55181
Guest
Dogged by further discoveries of flaws in the speculative instruction execution mechanism, Intel has found that its chips are vulnerable to attack from another side as well: the infamous Management Engine remote management subsystem. This computer-within-a-computer, which can have complete control over the processes running in modern PCs, has proved to be vulnerable to two attacks, one of which allows remote code execution.
Intel Management Engine has been controversial since its introduction to processors in 2008. The reason for this controversy was the closed nature of the subsystem, which in theory allows backdoors to be hidden in it and any operating-system security to be bypassed. On the other hand, Management Engine and its Active Management Technology software made life significantly easier for administrators in large organizations, allowing them to easily manage machines remotely over the network.
Even they, however, would like to know more about how the Management Engine works, and sometimes even to disable the subsystem. Unfortunately, Intel never revealed this, nor did it allow the subsystem to be disabled. Even the radical change in the Management Engine architecture that came with the Skylake processors changed nothing in this respect. The exotic ARC core with the ThreadX real-time system replaced the usual 32-bit x86 (Intel Quark) with the MINIX 3 system. However, this was discovered by independent researchers from Russia, who along the way found spectacular security holes in the Management Engine.
It was sometimes said that it was a matter of licensing agreements and the protection of intellectual property. The Management Engine is also used to enforce DRM policies; the Protected Audio Video Path module is responsible for that. Intel's Hollywood partners would simply be unhappy if an ordinary user could just turn it off to allow unspeakable acts of media piracy.
Unfortunately, we pay for the satisfaction of Intel's partners with our security. The newly discovered vulnerabilities in Management Engine are even more dangerous than those previously discovered: they are easier to exploit.
The first of them is CVE-2018-3627. It threatens all 6th, 7th and 8th generation Intel Core processors as well as Greenlow and Basin Falls Xeons. It is defined as an error in the Intel Converged Security Management Engine logic, and allows an attacker with local access to run arbitrary code with administrative privileges.
The second vulnerability is CVE-2018-3628. It threatens all generations of Core processors, from the 1st to the 8th, old Core 2 Duo and Centrino 2 processors with vPro technology, and Xeons from the Greenlow, Purley and Basin Falls families. Intel has described the error as a buffer overflow in the HTTP handler in Intel Active Management Technology. This allows an attacker to remotely execute arbitrary code if they are on the same subnet. Worst of all, they do not even need an administrator password.
What now?
In fact, we are not able, on the basis of Intel's laconic messages, to assess what can be done about it. Researchers from Positive Technologies, the same ones who discovered two vulnerabilities in Management Engine last year, have announced a deeper investigation. They believe that these vulnerabilities were discovered when Intel audited the code after their discovery, but were set aside so as not to alarm anyone with the simultaneous release of such patches for the Management Engine firmware.
As usual, in this situation we can encourage neutralizing the Intel Management Engine once and for all using the independent ME_cleaner tool. It removes ME modules, rendering the subsystem toothless. At the same time, it leaves everything that is necessary to start the computer and to keep it from shutting down after 30 minutes.
https://translate.google.com/translate?sl=pl&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https://www.dobreprogramy.pl/Zdalne-uruchamianie-kodu-na-niemal-wszystkich-procesorach-Intela-to-znow-wina-Management-Engine,News,89437.html&edit-text=&act=url
https://translate.google.com/translate?sl=pl&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https://www.wykop.pl/link/4434585/zdalne-uruchamianie-kodu-na-niemal-wszystkich-procesorach-intela-me/&edit-text=&act=url