• Intel Management Engine vulnerability: Microsoft says it doesn’t affect Surface

    You may have heard about the Intel Management Engine security bugs. A spate of research, publicized in the past few weeks, has left a lot of people worried about potential security holes in their processors.

    Lily Hay Newman at Wired puts it this way:

    The Management Engine is an independent subsystem that lives in a separate microprocessor on Intel chipsets; it exists to allow administrators to control devices remotely for all types of functions, from applying updates to troubleshooting. And since it has extensive access to and control over the main system processors, flaws in the ME give attackers a powerful jumping-off point. Some have even called the ME an unnecessary security hazard.

    Intel specifically undertook what spokesperson Agnes Kwan called a “proactive, extensive, rigorous evaluation of the product,” in light of findings that Russian firmware researchers Maxim Goryachy and Mark Ermolov from the vulnerability assessment firm Positive Technologies will present at Black Hat Europe next month. Their work shows an exploit that can run unsigned, unverified code on newer Intel chipsets, gaining more and more control using the ME as an unchecked launch point. The researchers also play with a sinister property of the ME: It can run even when a computer is “off” (just so long as the device is plugged in), because it is on a separate microprocessor, and essentially acts as a totally separate computer.

    Most importantly, the IME bug appears in every recent Intel chip.

    Microsoft Surface devices use Intel chips, so folks have been very concerned that their machines could be hacked using the Goryachy/Ermolov technique.

    Yesterday, Microsoft released an analysis on the Surface blog that says Surface machines are configured so that this kind of attack is not possible:

    1. Remote exploit of this vulnerability requires Intel Active Management Technology (AMT). Current Surface devices do not allow remote connectivity to the ME because our devices do not run AMT.

    2. Local exploit of this vulnerability requires Direct Connect Interface (DCI) access via USB, which is not provided on Surface devices.

    It looks like Surface machines are safe from this kind of breach.