Please consider upgrading to the latest version of your browser by clicking one of the following links.This article doesnt contain information related to the processor side-channel vulnerability (known as MeltdownSpectre).If youre looking for information on the MeltdownSpectre issue, go to Side-Channel Analysis Facts and Intel Products.
Frequently Asked Questions Section Available resources Intel official security advisory: Technical details on the vulnerability Resources for Microsoft and Linux users Intel CSME Version Detection Tool Resources from systemmotherboard manufacturers Note Links for other systemmotherboard manufacturers will be provided when available. Intel Management Engine Firmware Software Updates ToWhat do I do A: Intel has provided system and motherboard manufacturers with the necessary firmware and software updates to resolve the vulnerabilities identified in Security Advisory Intel-SA-00086. Contact your system or motherboard manufacturer regarding their plans for making the updates available to end users. Some manufacturers have provided Intel with a direct link for their customers to obtain additional information and available software updates (Refer to the list below). Q: Why do I need to contact my system or motherboard manufacturer Why cant Intel provide the necessary update for my system A: Intel is unable to provide a generic update due to management engine firmware customizations performed by system and motherboard manufacturers. Q: My system is reported as may be Vulnerable by the Intel CSME Version Detection Tool. Intel Management Engine Firmware Driver Or IntelWhat do I do A: A status of may be Vulnerable is usually seen when either of the following drivers arent installed: Intel Management Engine Interface (Intel MEI) driver or Intel Trusted Execution Engine Interface (Intel TXEI) driver Contact your system or motherboard manufacturer to obtain the correct drivers for your system. Q: My system or motherboard manufacturer is not shown in your list. What do I do A: The list below shows links from system or motherboard manufacturers who have provided Intel with information. If your manufacturer is not shown, contact them using their standard support mechanisms (website, phone, email, and so on) for assistance. Q: What types of access would an attacker need to exploit the identified vulnerabilities A: If the equipment manufacturer enables Intel-recommended Flash Descriptor write protections, an attacker needs physical access to platforms firmware flash to exploit vulnerabilities identified in: CVE-2017-5705 CVE-2017-5706 CVE-2017-5707 CVE-2017-5708 CVE-2017-5709 CVE-2017-5710 CVE-2017-5711 The attacker gains physical access by manually updating the platform with a malicious firmware image through flash programmer physically connected to the platforms flash memory. Flash Descriptor write-protection is a platform setting usually set at the end of manufacturing. Flash Descriptor write-protection protects settings on the Flash from being maliciously or unintentionally changed after manufacturing is completed. If the equipment manufacturer doesnt enable Intel-recommended Flash Descriptor write protections, an attacker needs Operating kernel access ( logical access, Operating System Ring 0). The attacker needs this access to exploit the identified vulnerabilities by applying a malicious firmware image to the platform through a malicious platform driver. The vulnerability identified in CVE-2017-5712 is exploitable remotely over the network in conjunction with a valid administrative Intel Management Engine credential. The vulnerability is not exploitable if a valid administrative credential is unavailable. If you need further assistance, contact Intel Customer Support to submit an online service request.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |