Intel to slap hardware lock on Management Engine code to thwart downgrade attacks

Solarquest

Moderator
MalwareTips Staff
AV-Tester
Joined
Jul 22, 2014
Messages
1,946
#1
From version 12 onward, ME-equipped chips will defend against patch rollbacks

Intel's Coffee Lake and Cannon Lake x86 processors can be fortified by computer manufacturers to prevent in hardware attempts to downgrade, exploit and potentially neuter Chipzilla's built-in creepy Management Engine.

In June, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy privately reported to Intel a brace of exploitable bugs – CVE-2017-5705, 5706, and 5707 – in the powerful Management Engine's firmware.


Last month, in response and ahead of Ermolov and Goryachy's public presentation of their research at Black Hat Europe, Chipzilla published eight vulnerability notices: the tech giant admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) could be attacked to give miscreants access to the controversial hidden administrative layer – effectively granting God-mode on the computer.
...
...
 
Joined
Nov 8, 2014
Messages
1,258
OS
Windows 10
Antivirus
Microsoft
#2
From version 12 onward, ME-equipped chips will defend against patch rollbacks

Intel's Coffee Lake and Cannon Lake x86 processors can be fortified by computer manufacturers to prevent in hardware attempts to downgrade, exploit and potentially neuter Chipzilla's built-in creepy Management Engine.

In June, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy privately reported to Intel a brace of exploitable bugs – CVE-2017-5705, 5706, and 5707 – in the powerful Management Engine's firmware.


Last month, in response and ahead of Ermolov and Goryachy's public presentation of their research at Black Hat Europe, Chipzilla published eight vulnerability notices: the tech giant admitted its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) could be attacked to give miscreants access to the controversial hidden administrative layer – effectively granting God-mode on the computer.
...
...
Its already working. You can't downgrade after upgrading 11.8 (version that fixes the exploits published by Intel SA00086). According to Dieter aka Fernanado at Win-raid said "Once you upgrade to MEI 11.8 and even if downgraded the PC acts weird or cause unexpected behaviour forcing users to switch to 11.8 version or above".