![]() Microsoft and Eclypsium lock horns over Dell SupportAssist flaws on secured-core PCs.If you've got Intel inside, you probably need to get these security patches inside, too.Analysis of leaked Conti files blows lid off ransomware gang.So it would be wise to take a quick break from reading this and make those fixes now if you haven't already. It takes the black hats longer because there is no code, but now that the first ME vulnerability is found it wont' be long till the next and the hat wearing people (white, grey and black) are investigating the ME system in full force now.The leaks show that the gang was fuzzing the ME to find undocumented commands and vulnerabilities. As a side note: although Conti engineers were looking for new ME vulns, the Eclypsium researchers have published a list of known ME flaws (plus related Intel advisories and CVEs) that enable remote code execution or privilege escalation. ![]() People have been begging Intel to release the ME code so it can be audited for years now, maybe after the 5th or 10th major vulnerability they will finally give in. One of the advantages of open source is it's easier for people to find those bugs and programming errors and get them fixed rather than having them sit there like a timebomb. I'm sure these management engines on both Intel and AMD will found to be full of holes, exploits and bad programming just like all the rest of the software in the world with these weaknesses hidden by proprietary code. Intel will divulge nothing about the ME other than the the relatively recent revelation that the ME is running Minix. Good luck to anyone other than Intel to know that, for all we know it does in fact do so.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |