Hello, welcome to the Tuesday, November 21st, 2017 edition of the Sandinand Storm Center's Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. Now, we have talked about Intel's

manageability engine in the past. Usually, researchers come up with vulnerabilities in this particular processor that's included in the past. Usually researchers come up with vulnerabilities in this particular processor

that's included in many of the newer Intel platforms. Now today Intel released a

bulletin with fixes for a number of different vulnerabilities that apparently were found in Intel's own internal testing.

Most of these vulnerabilities are privilege escalation vulnerabilities, but what this really means

when it comes to the active management technology AMT or the manageability engine, M.E,

is that an attacker that gained admin access on your system is now able to run code due to

these vulnerabilities using these active management technologies.

The result is that this code really runs outside the operating system. This is essentially

a separate small computer that's running next to the CPU. So your antivirus is pretty much

out of scope here. And also if you are rebuilding the system from scratch, you're likely not going to touch any code that the attacker stored in this subsystem.

Intel did release a tool.

It allows you to detect if you are vulnerable.

The tool applies to Windows and Linux.

Now, OS10 users.

As long as you are running on Apple's hardware, you should be fine because it doesn't

chip with the manageability engine.

Now Intel only released a detection tool, it did not release a patch for end users.

That's something the manufacturer of your motherboard, of your computer has to do. Lenovo,

for example, already released patches according to Intel. Haven't seen any patches from anybody else

so far. However, the link that Intel has on its side to Lenovo's version of the advisory currently

...