Peppermint OS Community Forum

General => GNU/Linux Discussion => Topic started by: VinDSL on November 26, 2017, 01:35:42 pm

Title: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on November 26, 2017, 01:35:42 pm
Good ol' Swati   :)

SOURCE #1 (her article): https://goo.gl/HYkUNu

Quote
In the past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer.

Now, Intel has admitted that these security vulnerabilities could "potentially place impacted platforms at risk." [...]

As long as the system is connected to a line power and a network cable, these remote functions can be performed out of band even when the computer is turned off as it operates independently of the operating system.



I always stay a couple of generations behind 'the curve'. But if you're running the latest n' greatest Intel CPU, you might want to check your machine for vulns.


SOURCE #2 (Linux & winders detection tool): https://goo.gl/Yq6cx4

I just checked this Dell i5 desktop box. Whew...

Spoiler:
╭─vindsl@Boogaloo-5 /mnt/58328914-6c59-4abf-99cb-9feb196df4e3/Downloads 
╰─➤  sudo ./intel_sa00086.py                                               11 ↵
[sudo] password for vindsl:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-26 18:19:49 GMT

*** Host Computer Information ***
Name: Boogaloo-5
Manufacturer: Dell Inc.
Model: OptiPlex 7010
Processor Name: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
OS Version: Peppermint 7 xenial (4.13.0-18-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.1.65.1586
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

╭─vindsl@Boogaloo-5 /mnt/58328914-6c59-4abf-99cb-9feb196df4e3/Downloads 
╰─➤ 

I'll check my Dell i7 lappy after submitting this.  8)


EDIT

All is well... on the Southwestern Front.

Spoiler:
╭─vindsl@Chi-You ~/Downloads/Intel Detection Tool 
╰─$ sudo ./intel_sa00086.py
[sudo] password for vindsl:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-26 18:51:00 GMT

*** Host Computer Information ***
Name: Chi-You
Manufacturer: Dell Inc.
Model: Latitude E6430
Processor Name: Intel(R) Core(TM) i7-3540M CPU @ 3.00GHz
OS Version: Peppermint 7 xenial (4.13.0-18-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.1.71.3608
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

╭─vindsl@Chi-You ~/Downloads/Intel Detection Tool 
╰─$
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: scifidude79 on November 26, 2017, 01:53:19 pm
Wow, that's not good.  Thankfully, the newest Intel processor is a 4th gen i7 in my Steam Machine.  I also use WIFI on that, not a wired connection.
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: spence on November 26, 2017, 03:46:18 pm
great, so my Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz is Vulnerable... let's see what https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr has to say  :-\

at least it only operates over wifi
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on November 26, 2017, 04:18:46 pm
Code:
mark@Dell-E6530 ~/Desktop/SA00086_Linux $ sudo ./intel_sa00086.py
[sudo] password for mark:
INTEL-SA-00086 Detection Tool
Copyright(C) 2017, Intel Corporation, All rights reserved

Application Version: 1.0.0.128
Scan date: 2017-11-26 21:17:50 GMT

*** Host Computer Information ***
Name: Dell-E6530
Manufacturer: Dell Inc.
Model: Latitude E6530
Processor Name: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
OS Version: Peppermint 8 xenial (4.10.0-40-generic)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 8.1.71.3608
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

All good here :)

Isn't this the vulnerability Dell fixed with the recent BIOS updates ?
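
Several machines are being checked one report at a time in the posts above; the following is an added example (not part of any post, and not Intel's code) that parses the detection tool's text report in the layout shown in this thread and triages a batch of them. The host names, model and ME version in the sample reports are constructed, and anything other than a complete report with the exact "not vulnerable" verdict is marked for review.

```python
import re

NOT_VULNERABLE = "This system is not vulnerable."  # exact clean verdict in the thread's reports
WANTED = {
    "Host Computer Information": ("Name", "Model"),
    "Intel(R) ME Information": ("Version", "SVN"),
}

def parse_report(text):
    """Parse one detection-tool text report into a flat dict."""
    info, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\*\*\* (.+) \*\*\*", line)
        if header:
            section = header.group(1)      # e.g. "Intel(R) ME Information"
        elif ":" in line and section is not None:
            key, value = (part.strip() for part in line.split(":", 1))
            if section == "Risk Assessment" and key.startswith("Based on the analysis"):
                info["verdict"] = value
            elif key in WANTED.get(section, ()):
                info[key] = value          # "Application Version" is skipped: no section yet
    return info

def triage(info):
    """Fail closed: 'ok' needs an ME version and the exact clean verdict."""
    if info.get("Version") and info.get("verdict") == NOT_VULNERABLE:
        return "ok"
    return "review"

def summarize(reports):
    """Return (host, model, ME version, status) for each report text."""
    rows = []
    for info in map(parse_report, reports):
        host, model, me = (info.get(k, "?") for k in ("Name", "Model", "Version"))
        rows.append((host, model, me, triage(info)))
    return rows

# Constructed sample reports (hypothetical hosts, made-up ME version).
REPORT_A = """Application Version: 1.0.0.128
*** Host Computer Information ***
Name: host-a
Model: Example 1000
*** Intel(R) ME Information ***
Version: 8.1.0.0
SVN: 0
*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.
"""
REPORT_B = REPORT_A.replace("host-a", "host-b").split("*** Risk")[0]  # truncated report

if __name__ == "__main__":
    for row in summarize([REPORT_A, REPORT_B]):
        print(row)
```
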
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on November 26, 2017, 04:36:09 pm
Quote
Isn't this the vulnerability Dell fixed with the recent BIOS updates ?

I haven't run across any Dell BIOS updates recently, for my machines. Maybe they're platform specific, i.e. I can't install the affected processors on my mobo(s), so no update(s) necessary.

I'll look around...  ;)
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on November 26, 2017, 05:28:09 pm
I thought you'd already applied the Dell BIOS update when we talked about the Intel AMT/ISM/SBT management engine vulnerability a few months ago
https://www.intel.com/content/www/us/en/architecture-and-technology/intel-amt-vulnerability-announcement.html

It was the Dell A21 BIOS (for your E6430) if I remember correctly.
http://www.dell.com/support/home/uk/en/ukbsdt1/product-support/product/latitude-e6430/drivers

Or is this a different vulnerability ?
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on November 26, 2017, 06:05:28 pm
Maybe...

I checked the BIOS in this desktop box, and it was sitting @ A21. I evidently missed the A25 BIOS update in May 2017, soooo...

I baked a Rufus USB stick and installed A25.

I'll check my lappy now, and see if I missed anything there.

I've started depending on Dell's automagic web update utility, but I'm starting to think it isn't up to snuff. I guess I'll go back to doing updates manually.  ::)

EDIT

Looks like the 'road warrior' is up to date:  https://goo.gl/jEp8We
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: spence on December 01, 2017, 02:22:11 pm
The ASRock BIOS page lists nothing of need to my eyes... only something for Intel Optane... and a hyperthreading update... well... maybe that is worth a ponder  :-\
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: Bigoeuf on December 02, 2017, 07:13:56 am
Ayup all  :)

Quote
Maybe...

I checked the BIOS in this desktop box, and it was sitting @ A21. I evidently missed the A25 BIOS update in May 2017, soooo...

I baked a Rufus USB stick and installed A25.

I'll check my lappy now, and see if I missed anything there.

I've started depending on Dell's automagic web update utility, but I'm starting to think it isn't up to snuff. I guess I'll go back to doing updates manually.  ::)

EDIT

Looks like the 'road warrior' is up to date:  https://goo.gl/jEp8We

Ehhhh???
My 6430's BIOS is on A21 & I've just checked the Dell website & it is still listed as the latest version?? Even in the link you posted mucker it shows your BIOS version as A21 (unless of course you updated to the elusive A25 afterwards)??  ???

Looks like my 3rd gen processor isn't affected - according to the linked article you give in your OP VinDSL:

https://thehackernews.com/2017/11/intel-chipset-flaws.html
 
Quote
Affected Intel Products

Below is the list of the processor chipsets which include the vulnerable firmware:

   
  • 6th, 7th and 8th Generation Intel Core processors
  • .................
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 02, 2017, 12:17:15 pm
The most recent BIOS for my Dell E6430 Latitude Ivy Bridge i7 3540M (3.0 GHz) laptop is sitting at A21

The most recent BIOS for my Dell OptiPlex 7010 SFF Ivy Bridge i5-3470 (3.2 GHz) desktop box is at A25

Make more sense?   ;)
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: Bigoeuf on December 03, 2017, 04:56:20 am
Morning all

Quote
The most recent BIOS for my Dell E6430 Latitude Ivy Bridge i7 3540M (3.0 GHz) laptop is sitting at A21

The most recent BIOS for my Dell OptiPlex 7010 SFF Ivy Bridge i5-3470 (3.2 GHz) desktop box is at A25

Make more sense?   ;)

Indeed yes - my apologies I didn't read your post that I quoted properly - specifically:

Quote
........
I checked the BIOS in this desktop box, and it was sitting @ A21. ...........

(my colour highlight)

Note to Santa - New glasses for Xmas please  :D
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 03, 2017, 02:45:03 pm
N/P Bigoeuf

I didn't want to see you wasting your time searching for a non-existent A25 BIOS for your lappy - that's all.   ;)
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 05, 2017, 09:38:11 pm
Dell, Other Vendors Start Shipping Laptops With Intel ME Firmware Disabled | BleepingComputer  (3-DEC-2017)

SOURCE: https://goo.gl/eJXuok

Quote
Some hardware vendors are reacting to the recent revelation that some of Intel's core CPU technology is riddled with security holes.

At the time of writing, three laptop and computer vendors have started offering a way to buy products without Intel ME (Management Engine), or have said they'll deliver firmware updates that disable the technology [....]


System76

The second company that took a similar step was System76, a seller of custom Linux PC rigs. In a blog post this week, the company explains its decision and puts forward the following rollout plan.
  • System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable.

  • The roll out will occur over time and customers will be notified by email prior to delivery

  • You must run Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, Pop!_OS 17.10, or an Ubuntu derivative and have the System76 driver installed to receive the latest firmware and disabled ME on laptops*

  • System76 will investigate producing a distro-agnostic command line firmware install tool. Follow us on your preferred social network for updates.

  • System76 will not disable the ME on desktops but will provide updated ME firmware

  • Desktop customers will receive instructions for updating the ME via email as they are available
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on December 05, 2017, 09:51:11 pm
Good .. would be nice if they release a BIOS update that kills it for older business class machines, but it shouldn't even be in consumer grade machines in the first place.
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 05, 2017, 10:00:54 pm
Quote
[...] it shouldn't even be in consumer grade machines in the first place.

Yup. I just inserted an addendum above. As System76 stated...

Quote
The ME provides no functionality for System76 laptop customers and is safe to disable.
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 10:50:31 am
Maybe some hope!?...
http://www.zdnet.com/article/computer-vendors-start-disabling-intel-management-engine/


Sent from my SM-G900F via Tapatalk

Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on December 06, 2017, 11:18:04 am
Cool .. looks like Dell **will** be releasing a BIOS update on (or before) 2 Jan 2018 for my E6530's but not my E6520

Full Dell PC list (including links as the BIOS's become available) here:
http://www.dell.com/support/article/us/en/19/sln308237/dell-client-statement-on-intel-me-txe-advisory--intel-sa-00086-?lang=en
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 11:43:11 am
Yeap, but I have an Asus ...
...though, according to the Intel tool, I'm not affected ...
The more I read about it, the less I trust they are being honest...
See for example http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1
...US GOV-HPA??

What's true?... oh, well... Google already knows everything anyway
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: spence on December 06, 2017, 11:47:21 am
you knew "they were" eventually gonna mention the NSA... 

Quote
HAP refers to the US government's High Assurance Platform Program, a secure computing program run by the NSA in collaboration with the tech industry. According to Bleeping Computer, disabling ME requires setting the relevant bit to '1'.

http://www.zdnet.com/article/researchers-say-intels-management-engine-feature-can-be-switched-off/
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on December 06, 2017, 11:50:05 am
And the west are bitching about Kaspersky .. ya gotta larf :))
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 12:06:38 pm
Yeap, you don't really know who to trust, do you?


Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on December 06, 2017, 12:10:26 pm
I do .. NOBODY :))
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 12:18:07 pm
Obviously ...
...but, you still have to deal with everybody else...


Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: PCNetSpec on December 06, 2017, 12:26:10 pm
Well not really .. if I have any secrets I simply don't put them on a PC/phone/tablet/interweb/or even paper, end of story .. anything outside of my head I don't consider secure, the rest is just about 'degree'.

Hasn't this always been the case ?

[EDIT]

So the fact it was me on the grassy knoll is still 100% secure .. Doh!!!
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: spence on December 06, 2017, 12:35:07 pm
Kaspersky IT techs all attend the same alphabet agency happy hours... and decide who's gonna be the fear monger of the week...

meanwhile I have my home-built rig and hafta wait for Intel to release a block/patch for something they "created" for the Alphabets?
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 02:13:52 pm
Quote
Well not really .. if I have any secrets I simply don't put them on a PC/phone/tablet/interweb/or even paper, end of story .. anything outside of my head I don't consider secure, the rest is just about 'degree'.

Hasn't this always been the case ?

[EDIT]

So the fact it was me on the grassy knoll is still 100% secure .. Doh!!!

You're absolutely right. One of the reasons I've never understood why people write diaries?!?
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 06, 2017, 03:37:01 pm
Quote
Cool .. looks like Dell **will** be releasing a BIOS update on (or before) 2 Jan 2018 for my E6530's but not my E6520 [...]

Yes! Score (Desktop) ...


(http://vindsl.com/images/VinDSL_Opera Snapshot_2017-12-06_132824_www.dell.com.png)


And, score, again (Laptop) ...


(http://vindsl.com/images/VinDSL_Opera Snapshot_2017-12-06_132717_www.dell.com.png)


Gotta love them Dell peeps   :-*
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 06, 2017, 03:42:48 pm
Quote
Yeap, but I have an Asus ...

ASUS ? 

https://www.youtube.com/watch?v=AMCnMfbw95M
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 06, 2017, 05:13:25 pm
Yes, an Asus from March 2016 (that I bought) on PM 7 with a few visual tweaks, and a HP from May 2012, that I've recovered from the IT-dump at work, on Void linux with musl libC and Awesome wm.
These are my machines
I also take care of my daughter's HP, can't check the BIOS date right now, also recovered from the same place, running Bodhi linux.
Nothing to be ashamed about  :D
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: VinDSL on December 06, 2017, 06:30:21 pm
Quote
Nothing to be ashamed about  :D

Yup. Just kidding you, bro.

I had a problem with an ASUS rebate, this year - that's all.

I still have psychotic breaks, every time I 'hear' their name, like the maniac in that movie. LoL!  ;D

Probably wasn't even ASUS' fault - rather, it was the scumbags that processed their rebates ...
Title: Re: Critical Flaws in Intel Processors Leave Millions of PCs Vulnerable, 21-NOV-2017
Post by: pin on December 07, 2017, 12:19:40 am
Yeah! I got that Cheers!!
