Hello, welcome to the Friday, December 8th, 2017 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Remember about two weeks ago, Intel released a set of patches for its management engine, infamous Intel M.E and also active management technology or AMT,

to patch a couple of flaws. Well, we now got more details about this flaw at Blackhead Europe.

Positive Technologies who worked with Intel on these flaws and who originally discovered it,

did a demonstration of how to exploit these vulnerabilities.

Due to this particular code running outside of anything the operating system controls

any kind of security software that you are running on your system

like antivirus and the like is of course pretty much useless. On the other hand, this subsystem

is actually powered on as soon as you connect the computer to power. You don't actually have to really start up the system.

So this allows you to attack this subsystem on a computer that's turned off.

On the other hand, you do need physical access to the system

unless you can gain access via any of the remote control software like IPMI.

But in this case, you would need to get past authentication.

Of course, there have been in the past a couple of authentication bypass vulnerabilities in various IPMI or VPro implementations.

But at the very least, this opens up the possibility of a pretty nasty evil mate attack.

Usually that's a vulnerability that where you refer to leaving a laptop, unsupervised, in a hotel room,

and then a mate or someone with access to the hotel room would

be able to exploit it.

In this case they would have full access to the management engine.

They could introduce additional code or they could just swap out the firmware on it.

Now the particular exploit was demoed here at Blackhead Europe took advantage of a stack-based

...