Windows 10: Intel chip vulnerability lets hackers easily hijack fleets of PCs

Intel chip vulnerability lets hackers easily hijack fleets of PCs | ZDNet

 

Uh, their tools says based on the version of IME, my PC is not at risk. It also says the version of IME on my computer is "unknown". *Rolleyes Apparently Intel says consumer PC aren't vulnerable (ME vs. AMT I reckon).

*** ME Information ***
Version: Unknown
SKU: Consumer
State: None Detected
Driver installed: False
EHBCP Enabled: False
LMS state: NotPresent
MicroLMS state: NotPresent

*** Risk Assessment ***
Based on the version of the ME, the System is Not Vulnerable.

:)

 

how to I delete the update file for 2018-01 (KB4056892).

Hello Greg,

We’re aware of this industry-wide issue and have been working closely with chip manufacturers to develop and test mitigations to protect our customers. We are in the process of deploying mitigations to cloud services and are releasing security updates
today to protect Windows customers against vulnerabilities affecting supported hardware chips from Intel, ARM, and AMD. We have not received any information to indicate that these vulnerabilities had been used to attack our customers.

Kindly perform these quick steps to protect your PC against this security vulnerability, you may follow the steps provided in the article below.

Protect your device against chip-related security flaws

Regards.

 

Recent Windows Upgrade Fails

The latest upgrade to Windows 10 has tried twice and failed BOTH times... Whenever I turn on or reboot my PC windows update hijacks my machine and fails to upgrade after an hour. (first time I let it go overnight) How do I get it to STOP!

Further, once the old OS is recovered after rebooting twice Windows hijacks my internet connection to download it yet again.

This update acts like a hijack virus... ransom ware. I need to use my PC and do not have time for this hacker garbage.

 

Yes most consumer PCs should not be vulnerable. Only desktop boards with Q chip set (for example: Q77, Q87, Q170 etc.) paired with certain i5 or i7 CPUs that support vPro, and some business grade laptops like thinkpads etc. (usually have vpro sticker) are vulnerable.
I have business grade ThinkPad that supports Intel AMT and is vulnerable also desktop with Q87 for now disabled AMT waiting for patches.

Lenovo released statement with update schedule
Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Remote Privilege Escalation

For my Q87 board no news from Asus.

 

It absolutely affects end users. The scope is unknown.

Unfortunately, Intel's statement that 'Our Consumer Products Are Not Affected' has given a lot of people false confidence.

My system (b85 4790k) returns 'vulnerable'.

I know of at least two H87 owners getting the same results. H170 seems to have the same features.

Hilariously, there isn't a BIOS setting to disable it on my system. No update/patch from Gigabyte either.

What's worse, many people with problems around the launch of AU were told to install the Intel suite.

Shutting the port should be enough. Should be. But the story has already grown in disastrousness a couple of times! I worry that we'll see trojans emerge that open the port as a possible attack vector.

If you return positive, and are paranoid, the best technical advice I have heard is to not use the onboard LAN. The ME interface uses a layer 1-2 protocol to 'listen in' to traffic. It follows that it cannot listen in to another device (with a different MAC).

 

There must be something wrong with that tool because neither B85 nor H170 or H87 support iAMT (also even with supported chipset for example Q87 that particular cpu 4790k will not work - no support for vPro), they just don't have network KVM or other services (can you open webpage with pc stats when you type that pcs ip from network?) maybe there is some local exploit for some intel ME functionality but don't think there is any remote/network exploits.

 

It should be noted that if you are using any kind of physical firewall (Wireless router, cable modem with firewall, etc..) you won't be vulnerable. The machine has to be directly connected to the internet without a physical firewall (Software firwall probably won't work because the hardware itself is exposing the ports, before the OS is even running).

 

Most consumer routers even cheap ISP provided routers usually have some sort of firewall. That's why this vulnerability isn't that scary for most consumers. Except if someone gains access to local network or even that pc then it may do some damage. But some business/pro users that use intel AMT for controlling remote server/PC/etc. via internet (if you have remote server or pc to administer and need to have low level remote access, because RDP will not work for accessing BIOS or if windows crashed) may have opened that network interface to internet, then it's bad.

 

I ran the tool on my Haswell-E PC and it said I wasn't affected.