Major security flaw found in Intel processors (UPDATE)

Discussion in 'UDOO X86' started by LDighera, Jan 5, 2018.

  1. LDighera

    LDighera UDOOer

    Joined:
    Jan 13, 2014
    Messages:
    206
    Likes Received:
    36
    NEW!

    Microsoft issues emergency Windows update for processor security bugs
    The software update is part of a number of fixes that will protect against a newly-discovered processor bug in Intel, AMD, and ARM chipsets. Intel says it’s working with AMD and ARM in a strongly worded statement, despite AMD engineer Tom Lendacky previously saying “AMD processors are not subject to the types of attacks that the kernel page table isolation feature protects against.” Intel says it planned to disclose this issue next week along with other vendors, but that it’s issuing a statement today due to what it angrily describes as “inaccurate media reports.”

    Intel® Management Engine Critical Firmware Update (Intel-SA-00086) Last Reviewed: 26-Dec-2017

    Detection ToolVersion: 1.0.0.152
    Windows and Linux: https://downloadcenter.intel.com/download/27150?v=t

    Previous Version: 1.0.0.135 was posted to this forum Nov 21, 2017.

    Note: Versions of the INTEL-SA-00086 Detection Tool earlier than 1.0.0.146 did not check for CVE-2017-5711 and CVE-2017-5712. These CVE's only affect systems with Intel Active Management Technology (Intel AMT) version 8.x-10.x. Users of systems with Intel AMT 8.x-10.x are encouraged to install version 1.0.0.146, or later, to help verify the status of their system in regards to the INTEL-SA-00086 Security Advisory.

    Possible performance issue with patch installation:


    AMD has a similar technology built into their processors, including a hidden debug mode that's recently been reverse engineered.

     
    Last edited: Jan 5, 2018
    FirstGenGeek likes this.
  2. ccs_hello

    ccs_hello UDOOer

    Joined:
    Apr 15, 2017
    Messages:
    536
    Likes Received:
    194
    The first paragraph is the new issues identified. On Intel side, it is numbered as SA-00088.

    The rest of the previous post is a different one (SA-00086) which had been discussed around November 2017 in this forum previously.
     
    LDighera likes this.
  3. LDighera

    LDighera UDOOer

    Joined:
    Jan 13, 2014
    Messages:
    206
    Likes Received:
    36
    Yes. The first paragraph is the new issue. And the links at the bottom refer to the new issue.

    The "old issue" has been updated also.
     
  4. FirstGenGeek

    FirstGenGeek Member

    Joined:
    May 25, 2016
    Messages:
    66
    Likes Received:
    26
    I ran the Intel Detection ToolVersion (1.0.0.152) on the UDOO X86 and it reports the "system is not vulnerable" to the Meltdown or Spectre flaws. From what I can see on my Intel based laptops, and those of friends and family, laptop models all appear safe. I'm guessing that mostly servers, desktops, and high-end gaming laptops support the Management and Trusted Execution Engines in their BIOS' and are therefore more at risk.

    I also noticed that for some reason (likely due to the X86's minimal use of unique devices) Microsoft installed the latest Win10 build 16299.192 on my UDOO X86 earlier than my other computers.
     
  5. ccs_hello

    ccs_hello UDOOer

    Joined:
    Apr 15, 2017
    Messages:
    536
    Likes Received:
    194
    This thread is all about (from Intel point of view) SA-00088 issues (three of them.)

    There is a tool for SA-00086:
    Intel-SA-00086 Detection Tool 1.0.0.152
    It is unrelated with what we are discussed here.

    ccs_hello
     
  6. FirstGenGeek

    FirstGenGeek Member

    Joined:
    May 25, 2016
    Messages:
    66
    Likes Received:
    26
    I didn't see the original thread. I'm aware of the following two additional processor related flaws, what is the third?
    CVE-2017-5753 https://01.org/security/advisories/intel-oss-10002

    CVE-2017-5754 https://01.org/security/advisories/intel-oss-10003

    It was my understanding that vulnerability tests for the above were added to Detection Tool version 1.0.0.152, but can't find where I read that.

    Note: CVE-2017-5716 https://01.org/security/advisories/intel-oss-10001 goes back to Aug., 2017.
     
  7. Markus Laire

    Markus Laire Active Member

    Joined:
    Mar 9, 2017
    Messages:
    225
    Likes Received:
    91
    FirstGenGeek likes this.
  8. ccs_hello

    ccs_hello UDOOer

    Joined:
    Apr 15, 2017
    Messages:
    536
    Likes Received:
    194
    There are 3 attack variants on this Jan 03, 2018 SA-00088 disclosure.
    Variant 1: CVE-2017-5753 (a flavor of) Spectre
    Variant 2: CVE-2017-5715 (another flavor of) Spectre
    Variant 3: CVE-2017-5754 Meltdown

    BTW, Intel-SA-00086 Detection Tool
    can be found here
    https://downloadcenter.intel.com/download/27150?v=t

    If you run GUI version of the tool (Intel-SA-00086-GUI.exe), it will show its version: 1.0.0.152

    ccs_hello
     
    FirstGenGeek likes this.

Share This Page