Results 1 to 1 of 1

Thread: Intel Firmware Vuln

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    Exclamation Intel Firmware Vuln

    FYI...

    Intel Firmware Vuln
    > https://www.us-cert.gov/ncas/current...-Vulnerability
    Nov 21, 2017 - "Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.
    US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware."

    Intel Security Advisory INTEL-SA-00086
    > https://security-center.intel.com/ad...nguageid=en-fr
    1.0 - 20-November-2017 - Initial Release
    1.1 - 21-November-2017 - Updated Recommended and minimum versions
    1.2 - 22-November-2017 - Updated links to online support page
    1.3 - 29-November-2017 - Updated title for Intel® Manageability Engine Firmware 8.x/9.x/10.x
    1.4 - 01-December-2017 - Added clarification for physical access requirement
    1.5 - 19-December-2017 - Updated references for Intel® Manageability Engine Firmware 6.x/7.x
    1.6 - 22-December-2017 - Further clarified references to Intel® Manageability Engine Firmware 6.x/7.x

    Support Article
    > https://www.intel.com/content/www/us.../software.html
    Last Reviewed: 26-Dec-2017

    Detection Tool
    > https://downloadcenter.intel.com/download/27150
    Version: 1.0.0.152 (Latest) Date: 12/19/2017
    ___

    - https://www.securitytracker.com/id/1039852
    CVE Reference: CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712
    Updated: Dec 5 2017
    Nov 21 2017
    Version(s): 11.0, 11.5, 11.6, 11.7, 11.10, 11.20 ...
    The following processor series are affected:
    6th, 7th, and 8th Generation Intel Core
    Intel Xeon Processor E3-1200 v5 and v6
    Intel Xeon Processor Scalable
    Intel Xeon Processor W
    Intel Atom C3000 Processor
    Apollo Lake Intel Atom Processor E3900 series
    Apollo Lake Intel Pentium
    Celeron N and J series Processors
    [Editor's note: The Intel Trusted Execution Engine (TXE) and Intel Server Platform Services (SPS) products are affected by separate vulnerabilities.] ...
    Impact: A remote authenticated user can obtain elevated privileges on the target system.
    A local user can obtain elevated privileges on the target system.
    Solution: The vendor has issued a fix...

    Last edited by AplusWebMaster; 2017-12-28 at 22:39.
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •