
Thankfully this doesn't look quite as serious as the SemiAccurate article earlier today made it look (it's AMT, not ME), and doesn't affect consumer CPUs. But if you have AMT provisioned, then holy cow this is really really bad. Remotely exploitable is just wow.



It's bad enough. And SemiAccurate did live up to its name.


Agreed, it's still very bad. I don't want to imagine how many company PCs are affected by this, and which percentage of those is going to get the firmware update.


Interestingly, they got the versions right, if not the feature (AMT vs ME).


https://software.intel.com/en-us/blogs/2011/12/14/intelr-amt...

AMT is run in the management engine. "The Intel AMT functionality is contained in the ME firmware (Manageability Engine Firmware)."

So, yes, it's the ME that was exploited. AMT is just an app for the ME.


No, that's not the same. Imagine ME being exploited, that would open up the system regardless of whether or not you even had AMT installed or enabled. That would be a far more serious issue, the number of systems affected would be a very large multiple of the number of systems affected by this bug.


Well, if there is a vulnerability for Nginx on Linux, you wouldn't say Linux had a vulnerability, right? I think this situation might be similar.


Apparently, systems with vPRO functionality are also affected, which would include almost all Xeons[1], and many of the upper range consumer chips.

If that's the case, this might really become huge.

[1] http://ark.intel.com/Search/FeatureFilter?productType=proces...


VPro is not in all Xeons, AMT is in only two Xeons that I've been able to find so far, 3400 and E3-1200.



No, it does not. Again: VPro is not in all Xeons (though it is in many of them, and it is in most or all of the current product line), AMT is in only very few Xeons.

If VPro were in all Xeons then each and every Intel based computer in a DC would be affected. And that's clearly not the case. Also, it is not yet clear - at least to me - whether or not VPro is affected at all but if the ME runs AMT then it definitely is affected.


Every Xeon I’ve ever used is in that list, as is every other Intel CPU I’ve ever used.

It’s quite an extensive list, and definitely not "only 2".


The 'only 2' are about which Xeons I've found that definitely run AMT. That's something else. Intel isn't helping with their marketing spaghetti, but you're also not helping by suggesting that each and every Xeon is affected.

Though if that is the case Intel has a much more serious problem on its hands for suggesting that only business desktops and a couple of low end servers are affected.


Considering how right SemiAccurate was already today, I’m inclined to believe him that vPRO and co are affected.


> Considering how right SemiAccurate was already today, I’m inclined to believe him that vPRO and co are affected.

Well, he was 'SemiAccurate', not accurate, so you have all the reason to believe until further notice that VPro is not affected by this bug, and claiming different is like shouting 'fire' in a crowded theater. Absent hard proof I don't think you should make such claims. Though I'm sure most sysadmins here would know the difference between a legitimate claim of such magnitude and an inaccurate one.

SemiAccurate got the gist right but lots of the details wrong.


> Well, he was 'SemiAccurate', not accurate so you have all the reason to believe until further notice that VPro is not affected by this bug and claiming different is like shouting 'fire' in a crowded theater. Absent hard proof I don't think you should make such claims.

Considering the fact that people claimed a few hours ago AMT would be entirely secure, I think the opposite should hold true right now. Assume everything is vulnerable, unless proven otherwise.

This is standard practice in most of IT, but apparently we ignore it here.


> Considering the fact that people claimed a few hours ago AMT would be entirely secure, I think the opposite should hold true right now. Assume everything is vulnerable, unless proven otherwise.

Well, in that case you'd better disconnect from the internet, don't you think?

AMT was not claimed to be 'entirely secure' by anybody that mattered as far as I'm aware, and Intel is pretty explicit about this vulnerability. It is a bad one because it is a remotely exploitable one, but it isn't the first vulnerability either.

> This is standard practice in most of IT, but apparently we ignore it here.

Standard practice is to go on facts, not on conjecture or hype. If VPro rather than AMT is exploitable that would be very big news, far larger than the issue currently being reported. So far I have not seen a shred of evidence for that but who knows, that might change and then it will be a very very long night for a lot of people here. For now though there is no reason to be so alarmist.

Also, I'm kind of done with this discussion; you seem to want to hold on to a rumor on a website calling itself 'semi accurate', which in fact was exactly that and for which I'm grateful to them. But they are not authoritative in any way and you should stop making it seem as if they have the last word on this; if you want to make a point, show some proof.

VPro or not doesn't matter, if the ME runs AMT then you might be affected if the version numbers are the ones listed in TFA so that's what you should go on, not just on whether or not you have VPro.

And if you don't need it disable this stuff in your BIOS, no need to enlarge your attack surface without a reason.


> And if you don't need it disable this stuff in your BIOS, no need to enlarge your attack surface without a reason.

I can’t. My BIOS has no option for AMT.

But AMT is running, it’s exposed on the specified port via HTTP.

And this is on a consumer PC, with an i7-6700.
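An added check for the situation described in this comment (example code, not from the thread, Intel, or any of the commenters): fetch the banner that AMT's web interface returns over plain HTTP on your own machine and compare the advertised firmware version against the affected ranges from the advisory. The port 16992, the Server-header format and the sample response are assumptions; the affected ranges are passed in by the caller and should be copied from Intel's advisory.

```python
import re
import socket
from typing import List, Optional, Tuple

AMT_HTTP_PORT = 16992  # assumed standard AMT web-interface port (16993 for HTTPS)
# Assumed banner format of the Server header sent by the AMT web interface.
SERVER_RE = re.compile(r"Intel\(R\) Active Management Technology (\d+(?:\.\d+)*)")

# Constructed sample response (not captured from a real device) so this runs offline.
SAMPLE_RESPONSE = (
    "HTTP/1.1 303 See Other\r\n"
    "Location: /logon.htm\r\n"
    "Server: Intel(R) Active Management Technology 9.1.30\r\n"
    "Content-Length: 0\r\n\r\n"
)

def parse_amt_version(raw_response: str) -> Optional[str]:
    """Return the firmware version from the Server header, or None if no AMT banner."""
    for line in raw_response.split("\r\n"):
        if line.lower().startswith("server:"):
            match = SERVER_RE.search(line)
            return match.group(1) if match else None
    return None

def version_tuple(version: str) -> Tuple[int, ...]:
    return tuple(int(part) for part in version.split("."))

def in_affected_range(version: str, ranges: List[Tuple[str, str]]) -> bool:
    """True if version lies in any inclusive (low, high) range; the high bound is
    compared only to its own depth, so ("6", "11.6") also covers 11.6.x builds."""
    vt = version_tuple(version)
    for low, high in ranges:
        lo, hi = version_tuple(low), version_tuple(high)
        if vt >= lo and vt[:len(hi)] <= hi:
            return True
    return False

def assess(raw_response: str, ranges: List[Tuple[str, str]]) -> dict:
    """Report whether AMT answered and whether its version is inside the given ranges."""
    version = parse_amt_version(raw_response)
    return {"amt_present": version is not None, "version": version,
            "affected": in_affected_range(version, ranges) if version else None}

def probe(host: str, port: int = AMT_HTTP_PORT, timeout: float = 3.0) -> Optional[str]:
    """Fetch the raw HTTP response from host:port (e.g. 127.0.0.1), or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            chunks = []
            while data := sock.recv(4096):
                chunks.append(data)
        return b"".join(chunks).decode("latin-1")
    except OSError:
        return None
```

On a machine with no BIOS option for AMT, `assess(probe("127.0.0.1") or SAMPLE_RESPONSE, ranges)` tells you both whether the interface is listening and whether the reported firmware falls in the ranges you supply from the advisory.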


Either way, whether it is running or not does not matter, you should simply upgrade your firmware (if possible!).


I can't — I have no Windows on the affected systems, and the motherboard manufacturer has no release either.



That only works with Sandy Bridge and Ivy Bridge, several generations older than your parent's i7-6700.



That selects for VPro, which is not the same as AMT.

Note that the Intel advisory does not list VPro. If that is the case then tomorrow would be a really good time to buy some AMD stock, there would be very very large numbers of Xeons affected.


But the Intel advisory specifically links to this document[1] to assess your exposure, which just says to look for VPro. The info out there is still garbage at this point, but that seems to be the most authoritative I've seen so far.

[1] https://communities.intel.com/docs/DOC-5693


Interesting. So, AMT being a part of VPro might have warranted the inclusion of that term or the term 'Xeon' with a list of SKUs in the original advisory or something if they are affected. Right now it reads as if the server side is a-ok except for some rare beasts, so that's what I'm going on until there is evidence to the contrary.

I'm halfway tempted to call my sysadmin out of bed to check one of our systems that I'm quite sure has VPro to see if it is vulnerable. Fortunately my main server is an AMD Bulldozer box.

Regardless, if it runs AMT you should check it; VPro or not is really beside the point. It's AMT that is the problem, not VPro as such, which is just another marketing term for the ME and application suite if I understand it correctly, and if that were exploitable instead of 'just' AMT it would be much bigger (and worse) news.

But saying that all VPro enabled Xeons or even every Xeon is affected is needlessly alarmist.

Here is a wikipedia article on AMT:

https://en.wikipedia.org/wiki/Intel_AMT_versions

If you look at the list of versions you can see they all target Desktop and Mobile, no Xeons besides the one I listed earlier. The document you linked also explicitly states 'PCs', not 'servers', though it is definitely possible that some hosting facilities use (cheaper) desktops as servers.


Well, according to the all-knowing Wikipedia only the Xeon E3-1200 product family has AMT and would be vulnerable. So your servers should be ok, but most every desktop and laptop on your network with an Intel processor from the past 10 years, not so much.

Forgot the link: https://en.wikipedia.org/wiki/Intel_Active_Management_Techno...


The Xeon 3400 as well. I've not yet found any others that are also probably vulnerable.

It would be really nice if Intel would categorically state which Xeon line products are and are not affected.


"So, AMT being a part of VPro "

I thought AMT was a component of VPro. I assumed all VPro systems had it based on early marketing of the management capabilities of VPro. They were just bundling management and security features. Memory too broken to be sure but that feels like what I said to a lot of people over time.



