Michael Lazin on 6 Jan 2018 09:57:30 -0800



Re: [PLUG] Intel SA-00086 critical BIOS update


Thanks, I saw that after the fact.  I just panicked when I realized my laptop is not getting patched anytime soon.  I see the exploit only affects it if someone has physical access, or remote management is enabled.  I just like to be proactive about security, it's a tinge of paranoia I suppose, thanks.

On Sat, Jan 6, 2018 at 12:48 PM, Ronald Guilmet <ronpguilmet@gmail.com> wrote:

My laptops were automatically patched for me with my updates (Dell and HP). I did a cursory read on Intel's site, and it said the attacker needs physical access to inject the malicious code, so I'm not worried. Given that the majority of all IT attacks come from published CVEs, you should make sure it is addressed. If you have cloud servers like Linode, I wouldn't be concerned. I'm sure they will address those issues. If you have your own hardware in a data-center you will have to check that yourself. Maybe I misread something, but this doesn't seem like anything you need to jump out of bed and run red lights for.


Ron


On 1/6/2018 11:29 AM, Michael Lazin wrote:
I ran this on my 3 Intel home computers and found that one was vulnerable, one was not, and one could not be detected.  The vulnerable machine is an older laptop and there is no patch available from the manufacturer at this time.  I did find this article on disabling the vulnerable engine:

https://hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa

I cloned the code from GitHub, but I am loath to run unverified Python code as root that might damage hardware.  Does anyone else have a better suggestion on securing an old laptop which runs Ubuntu and does not have a patch?  Thanks.

On Sat, Jan 6, 2018 at 9:52 AM, Lee H. Marzke <lee@marzke.net> wrote:
Looks like this issue is related to Meltdown / Spectre exploits in the Intel management engine or trusted platform.

There is a downloadable tool for Linux and Windows to test your BIOS for the vulnerability.

Mostly affects corporate platforms which have remote management or TPM enabled,
not home computers. Many older laptops, servers, etc. may be un-fixable due
to lack of BIOS upgrades.

Most attacks may require physical access to computer, or an available remote management cert, so
perhaps this isn't as bad as first appears for older computers.

Lee


--
"Between subtle shading and the absence of light lies the nuance of iqlusion..."  - Kryptos

Lee Marzke,  lee@marzke.net     http://marzke.net/lee/
IT Consultant, VMware, VCenter, SAN storage, infrastructure, SW CM




___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug




--
Michael Lazin

to gar auto estin noein te kai ennai






--
Michael Lazin

to gar auto estin noein te kai ennai