Hacker News new | past | comments | ask | show | jobs | submit login

And this exploit would have the same impact: you have to set up this feature in order to be affected.

Not entirely. It's locally exploitable even without configuration. Ideally, a physical disable would prevent that.


> An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs

This appears to imply an "exploit $site-backend -> provision AMT -> be vulnerable to network/local attack (for provisioned AMT) -> get AMT system privileges" route.

Except in large companies it's almost always enabled...

But then these companies wouldn't use the hardware disable, would they ?

I would. And then I'll play dump when the sysadmin asks why my machine isn't in the list.

Then the sysadmin enables it and if you disable it again they fire you.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact