[SystemSafety] Vulnerability in Intel firmware
Derek M Jones
derek at knosof.co.uk
Tue May 2 15:15:00 CEST 2017
All,
Today's cpus don't just execute users' programs, they contain
private execution units that execute programs written by
the vendor that provide various systems management functionality.
The execution of these management program is invisible to the OS
and they often have complete access to memory; they are the ultimate
in undetectable system access.
Needless to say, when one of these programs contains a vulnerability
it is very serious.
Fixing a vulnerability in one of these programs is non-trivial. A cpu
firmware update is needed; it is not your usual patch Tuesday.
The patch has to be digitally signed by your hardware vendor,
Intel cannot do it; assuming your particular hardware is still
being maintained.
The following news of a vulnerability going back eight years has
just ruined May for some people:
https://www.theregister.co.uk/2017/05/01/intel_amt_me_vulnerability/
--
Derek M. Jones Software analysis
tel: +44 (0)1252 520667 blog:shape-of-code.coding-guidelines.com
More information about the systemsafety
mailing list