Windows 10 News and info | Forum
April 02, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Security researchers find another vulnerability in Intel CPU's  (Read 20 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31262


I Do Windows


WWW Email
« on: March 06, 2020, 06:07:03 PM »
ReplyReply

   And it can’t be patched

Intel is in hot waters again as security researchers have identified another critical flaw in Intel CPUs. The latest flaw is just another blow to Intel as the manufacturer struggles to keep up with the market and gain the trust of the users. Unfortunately for Intel, the latest flaw is relatively easy to exploit and can’t be fixed unless the user replaces the CPU itself.

The flaw was identified by security researchers at Positive Technologies who did a pretty good job of explaining the flaw. Essentially the flaw lies in the Converged Security and Management Engine (CSME) and is impossible to fix with a patch or a firmware update. The flaw lies in all the Intel chipsets released in the last five years but doesn’t impact the latest 10th gen CPUs.

Quote
The vulnerability discovered by Positive Technologies affects the Intel CSME boot ROM on all Intel chipsets and SoCs available today other than Ice Point (Generation 10). The vulnerability allows extracting the Chipset Key and manipulating part of the hardware key and the process of its generation. However, currently it is not possible to obtain that key’s hardware component (which is hard-coded in the SKS) directly. The vulnerability also sets the stage for arbitrary code execution with zero-level privileges in Intel CSME.

– Positive Technologies

The CSME is a “Root of Trust” for the rest of the security and because the flaw lies in the bootROM of CSME it cannot be changed after the CPU is manufactured. The flaw will leave the system open to both local and physical attacks and the only way to protect yourself is to upgrade to the 10th gen processors.

Positive Technologies also noted that the next step for bad actors would be to extract the hardware key, which encrypts the Chipset Key, or a single key used across the entire generation of Intel CPUs and “When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted.”

Positive Technologies will be releasing a full-length white paper soon which will provide more information on the vulnerability. Intel, in the meantime, has tried to downplay the severity of the flaw and has assured users that the bug can be exploited only via physical access to the device. The company has released a security bulletin which has some recommendations on how to mitigate the problem.

source
Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page March 07, 2020, 03:20:17 PM