Hacker News new | past | comments | ask | show | jobs | submit login

Seems like it could be a risk to the GCP/AWSs of the world.



Both GCP/AWS already probably have (or had, if they were alerted before public disclosure) security teams probing their internal systems to see if they're vulnerable, and install firmware patches. The danger is more medium-to-large organizations whose internal clouds and desktop systems are impossible to patch at scale.


AFAIK Xeons don't have AMT/ISM/SBT and thus aren't affected.

Servers may be affected by the absolute shit firmware living in their Aspeed BMCs, however.


Many Xeon SKUs include the Management Engine, which at times has seemed to share many of the features of AMT/SBT/etc, but its unclear on the exact attack vector for this vulnerability.

Having said that, the ME is so opaque, the same type of vulnerability could easily exist.


There are Xeons with AMT, at least the 3400, possibly more.

edit: E3-1200 as well, same kind of application, single CPU workstation chip.


If remote management is used for servers, it's normally IPMI with a completely separate baseboard controller that has its own NIC connected to a physically separate network [although some boards cheap out on that, notably older INTEL boards, where the separate NIC is an option you have to buy].

No mainstream (2-way) server has AMT, anyway.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: