Michael Lazin on 6 Jan 2018 08:29:21 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Intel SA-00086 critical BIOS update

I ran this on my 3 intel home computers and found that one was vulnerable, one was not, and one could not be detected.  The vulnerable machine is an older laptop and there is no patch available from the manufacturer at this time.  I did find this article on disabling the the vulnerable engine:

https://hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa

I cloned the code from github, but I am loathe to run unverified python code as root that might damage hardware.  Does anyone else have a better suggestion on securing an old laptop which runs Ubuntu and does not have a patch?  Thanks.

On Sat, Jan 6, 2018 at 9:52 AM, Lee H. Marzke <lee@marzke.net> wrote:
Looks like this issue is related to Meltdown / Spectre  exploits in the Intel management engine or trusted platform.

There is a downloadable tool for Linux and Windows to test you BIOS for the vulnerability.

Mostly affects  corporate platforms which have remote management or TPM enabled,
not home computers.     Many older laptops, servers, etc may be un-fixable do
to lack of BIOS upgrades.

Most attacks may require physical access to computer, or an available remote management cert, so
perhaps this isn't as bad as first appears for older computers.

Lee


--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug




--
Michael Lazin

to gar auto estin noein te kai ennai
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug