back to article Conti spotted working on exploits for Intel Management Engine flaws

The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers. Recently leaked Conti documents show the criminals developed the software more than nine months ago, and this is important because exploiting these kinds of weaknesses …

  1. Clausewitz4.0
    Devil

    HP iLO / Intel ME

    Those are wonderful remote management interfaces.

    The work of engineers can be drastically reduced in case of an emergency.

    A critical vulnerability in those for sure costs a lot of money.

  2. Gene Cash Silver badge

    Not upgradable

    the problem remains that many organizations don't update their chipset firmware

    I don't know of any of my PCs or the PCs at work where I can upgrade the chipset firmware. BIOS/UEFI, yes. CPU microcode, yes. Chipset firmware. Nope.

    1. An_Old_Dog Silver badge

      Re: Not upgradable

      Don't know which manufacturer makes your company's PCs, but all the business-class Dell desktop models I evaluated for our large (13K+ desktops) network had chipset firmware updates for each model; Micron PCs also. I believe the updates were sourced from Intel.

    2. Anonymous Coward
      Anonymous Coward

      Re: Not upgradable

      Lenovo has - the Intel Management Engine update immediately comes up when you run their update software. Can't remember if it's flagged critical, but it's there.

    3. Anonymous Coward
      Anonymous Coward

      Re: Not upgradable

      I think you may need to pay more attention to the BIOS/UEFI updates when you're applying them and also read the release notes.

  3. An_Old_Dog Silver badge
    Unhappy

    Security, at a price

    Good thing I still have some pre-IME / pre-PSP computers.

    They work fine, but are way slow doing compiles, and unacceptably-slow doing video transcoding.

    1. Anonymous Coward
      Anonymous Coward

      Re: Security, at a price

      You're using 14 years old PCs? And I thought I was bad for not throwing away old shite

    2. Al fazed Bronze badge
      Thumb Up

      Re: Security, at a price

      Then these machines do not need to be connected to the Internet, for handling eMails, or browsing the web.

      Even a pre IME PC can be OK for video compilation if it isn't being asked to do other tasks at the same time. And it won't be attackable via it's NIC.

      ALF

  4. Anonymous Coward
    Anonymous Coward

    More arguments for AMD?

    I think Intel very much screwed the pooch on this one, long term.

    If you have to choose between a chip that uses more energy and then forced you to waste someo of that performance on keeping backdoors shut or something that's both cheaper, faster and more energy efficient it would almost amount to criminakl negligence if you didn't pick AMD. Or Apple's M1, but that's not going to help you much on the server side.

    1. An_Old_Dog Silver badge

      Re: More arguments for AMD?

      Google AMD PSP CVE

      ... then come back and tell us how "secure" AMD is. (I have Intel, AMD, AIM [PowerPC], Motorola, and Broadcom CPUs, and am not slamming or praising any of them for security or lack thereof.) The Platform Security Processor is AMD's flavor of Intel's Integrated Management Engine.

    2. Henry Wertz 1 Gold badge

      Re: More arguments for AMD?

      AMD has PSP. Since that's already been posted about I won't bring it up again...

      M1 is Apple proprietary and effectively an undocumented "black box". This SoC includes a GPU and power management, all with closed-source and potentially exploitable firmware, and ARM Trustzone which provides "secured" and "non-secured" software environments, again using either yet another embedded CPU and firmware, or using "below the level of the OS" firmware to implement. From what I've seen the M1 is an exccelent CPU both in terms of power use and in terms of performance, but if you're trying to avoid having potentially exploitable binary blobs running on your system, an Apple product is probably the worst way to do it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like