18th September, 2018 By John E Dunn
It’s only September and yet 2018 is well on its way to being remembered as the year of fixing flaws we didn’t realise were possible in hardware we’d never heard of.
This theme kicked off in January with the Meltdown and Spectre CPU cache-timing flaws (and subsequent variants) and continued last week as users found themselves patching another even more obscure low-level system.
This time, the system was Intel’s component-with-many-names, the Management Engine (ME), AKA the Manageability Engine (ME), and the Converged Security and Manageability Engine (CSME).
A flaw was discovered by researchers at Positive Technologies in the security of two of the four cryptographic keys ME uses to store sensitive data. If this story seems a bit familiar, it is: the same organisation found a previous 2017 weakness in the same Intel ME system, that affected all four keys, which itself capitalised on an even older discovery.
Full Article.
Intel releases firmware update for ME flaw
Userlevel 7
+54
Be the first to reply!
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.