For those who own Intel CPU and value privacy

Almost all the modern Intel CPU's contain a thing called vPro.

It's and umbrella marketing term that contain lot's of various technologies but the first and most important is Intel's Active Management Technology (AMT).
It's an firmware that is run by secret ARC microprocessor.
Intel calls it "Intel Management Engine (ME)". Basically, another CPU that has total control over your computer, network connection, bypassing any OS and giving access to your computer remotely possible.

On some BIOSes you can disable AMT but there is no way to disable or remove ME or way of knowing if it can enable AMT back again.

So here is a small list of modern Intel CPU's that don't have vPro and so, in theory, should not also have AMT and ME inside.

https://www.orwell1984.today/no_vpro_for_me.html

These things will eventually (already?) get hacked by hackers or you know who ...
And then the **** hit's the fan if you have Intel CPU with this vPro **** inside.

 

https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/

Actually, according to Intel:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

You can check your CPUs for vPro etc at https://ark.intel.com/#@Processors

Intel's mitigation guide: https://downloadmirror.intel.com/26754/eng/INTEL-SA-00075 Mitigation Guide - Rev 1.1.pdf

 

Many, many thanks. I checked and discovered I have the vPro so I used the Intel mitigation guide to delete the LMS service. This forum rocks!

 

My CPU also has vPro. To be clear, is this section all I need to do?

 

I must admit that I don't fully understand whether this all is effecting Intel-based consumer PCs.

From one of the quotes quoted by mirimir:

Am I misunderstanding or missing things now? A bit confused now ...

 

Seeing all these vulnerabilities reminds me of a not so funny joke I heard many years ago - I've been reading about the ill effects of smoking, drinking, over-eating and lack of exercise so I've decided to give up reading. Seriously though, I doubt we will ever have a secure machine and with every patched vulnerability two more are discovered.

I don't think I'll worry about this one.

 

I don't know Windows. In Linux, you can check for an MEI controller:

Code:

# lspci | grep "MEI"

And whether MEI kernel modules (mei and mei_me) are loaded:

Code:

# modprobe -nr mei
# modprobe -nr mei_me

I'm sure that there's something analogous in Windows.

 

It seems pretty clear that MEI is part of vPro. But even if your CPU has vPro, your chipset must support MEI. And even if your CPU has vPro, and your chipset supports MEI, MEI must be configured.

Bottom line, only high-end consumer PCs could be vulnerable, and only such PCs managed centrally are likely vulnerable. Some high-end consumer PCs might have MEI configured by default.

 

From your link to the PDF I ran this and the file was not found.

Code:

netstat -na | findstr "\<16993\> \<16992\>
\<16994\> \<16995\> \<623\> \<664\>" 

I guess that might mean it isn't configured.

 

Not listening, anyway. You're probably OK

 

Everybody knows that network cards have a radio emitter that send your traffic to "official" listener /s

 

Intel patches remote code-execution bug that lurked in chips for 10 years

-- Tom

 

One of my laptops has vPro. Over a year ago LMS would consume 50% CPU and run for hours on end, so I disabled the exe way back then. On reading the thread today I am glad I did. Today, I ran the delete command rather than the disable command. NB: I think that disable command needs a space after the equal sign.

 

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>sc config LMS start=disabled
[SC] ChangeServiceConfig SUCCESS

C:\WINDOWS\system32>sc delete LMS
[SC] DeleteService SUCCESS

 

Krusty, it seems for consumer machines, it's a personal choice and not particularly dire. I have a business machine and tried unsuccessfully to do something about Intel ME some time ago. The machine has firmware version 11.0.0.1168 which is among the vulnerable versions. Even though my risk was relatively low, I was very glad to remove LMS finally, though it seems you have to ensure it doesn't get reinstalled down the road.

 

Mirimir, thank you!

=====

Some other links:

Tom's Hardware : http://www.tomshardware.com/news/intel-amt-vulnerability-me-dangerous,34300.html

DSLR forum : https://www.dslreports.com/forum/r31388331-Intel-AMT-SBT-SME-Escalation-of-Privilege-CVE-2017-5689

 

https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

 

Woah, this is amazing.

https://arstechnica.com/security/20...-in-intel-chips-is-worse-than-anyone-thought/

 

Broken link in this part of the quote:

That part should be:

 

OK, fixed

 

I wonder if this is going to be a boost for AMD, I mean this is quite a serious and unacceptable bug.

 

"Intel patches remote hijacking vulnerability that lurked in chips for 7 years" Not 10

 

I have a Lenovo desktop affected by this problem. What I did was just to uninstall AMT. Is this enough?

Afterwards, the Lenovo updater (System Update) began offering the AMT driver as an update, but 2 or 3 days later it disappeared from the update list. I will update the firmware when the patch becomes available.

 

Unlikely since AMD and Arm have their equivalents. And, even worse than "normal" buggy software, we have hardware companies "doing" software. Not a pretty sight I've found.

The real issue with all this is the pretty much absolute avoidance of liability that software and hardware companies have - I mean, I get why you don't want consequential loss, on the other hand, that rests on people and companies not being negligent. This level of dreadful surely warrants the negligent label - at the very least, you should have independent audit as a CYA measure. When you're negligent in the real world, you have to do things like face class action lawsuits which award significant compensation. Even the recall scene imposes substantial costs in the physical world. But here, we have Intel - what are you going to do?