[nSLUG] BIOS updating

D G Teed donald.teed at gmail.com
Wed Jun 14 16:10:09 ADT 2017


I was puzzled by the whole thing when I read up on it a couple of weeks ago.

It is enabled on the BIOS of many systems, even if you don't have a vPro
sticker.  However, it won't be listening unless the IP had been configured
on the system to offer the management services.  Once it is configured,
that IP is alive even when the system is powered off.  Some newer systems
have removed the option from the BIOS to disable IME.  It is like lights
out or baseboard management built in to the main ethernet interface on the
mainboard.

Big risk for anyone who has configured it, but just something
to be aware of for the rest of us.



On Wed, Jun 14, 2017 at 11:00 AM, George N. White III <gnwiii at gmail.com>
wrote:

> On 14 June 2017 at 08:16, Joel Maxuel <j.maxuel at gmail.com> wrote:
>
>> Thanks Dave.  I missed the memo on the active IME exploit.
>>
>> May not be much help to me anyway, based on the summary of changes for my
>> latest MoBo update:
>> http://support.lenovo.com/ca/en/downloads/ds029265
>>
>> I can check to see how bad it is, and what steps I can take tonight:
>> https://github.com/intel/INTEL-SA-00075-Linux-Detection-And-Mitigation-Tools
>>
>> Thank you again.
>>
>
> Some US Government employees were told to get rid of their Lenovo laptops
> last fall.  Then in May Lenovo released Intel Management Engine Firmware
> 9.5 for my SSC issued laptop -- makes me wonder if US Gov't knew about IME
> exploits before they were made public, and if there are active exploits
> that still aren't public.
>
> Some articles suggest IME isn't an issue for linux users unless you use a
> high-end server farm that uses Intel's management tools, (possibly Google
> apps). That doesn't mean high-end malware won't leverage IME, but probably
> only after gaining full control of the system.   For home linux systems
> there may not be much to be gained from IME based exploits, but it sounds
> like something TLA agencies would use, so will probably escape to malware
> sooner or later.
>
> --
> George N. White III <aa056 at chebucto.ns.ca>
> Head of St. Margarets Bay, Nova Scotia
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/mailman/listinfo/nslug
>
>