Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

The Register ^ | Nov 20, 2017 | Thomas Claburn

[dayglored]

Ruh-roh.

[dayglored]

Bugs in the last place you want them ... PING!

You can find all the Windows Ping list threads with FR search: just search on keyword "windowspinglist".

[dayglored]

For those not aware of the Management Engine, it’s a separate, independent CPU, buried in the main CPU, that can run even with most other functions disabled or turned off. There are previous Windows Ping List threads on this topic.

[MeganC]

Is this a flaw or is it one of those ‘features’ that the NSA blackmailed Intel into creating for them?

[Terry L Smith]

You can thank the guys that work in the “intelligence community”, who are the “cyberwarriors”, these days.

More like TSA rejects, if you ask me!

[Red Badger]

[RightGeek]

I spend more time than I care to think about updating my tech stuff. Or more precisely tracking down the updates.

[miliantnutcase]

Yes EMT ALWAYS has critical vulnerabilities... every couple months I get a new critical update email from our OEM.

[zeugma]

I ran the provided 'detection tool' from Intel. It was next to useless on my system. Here's the output:

Detection Error: This system may be vulnerable, please install the Intel(R) MEI/TXEI driver (available from your system manufacturer).

I don't have a system manufacturer, as I built this computer myself.

[RinaseaofDs]

Maybe they can fix the deprecation routine that slows the PC down gradually over time until it simply fails to run anymore.

I never understood why a perfectly good computer running a limited number of application gradually slows to the point of unusability.

[mad_as_he$$]

Thanks. Sent this to my SA and he came right back and said that he had already patched two of my systems. The rest are too old to be vulnerable.

[dayglored]

> Maybe they can fix the deprecation routine that slows the PC down gradually over time until it simply fails to run anymore. I never understood why a perfectly good computer running a limited number of application gradually slows to the point of unusability.

Long-term slowdown is generally due to one or both of these:

• Windows.
  Although WIn10 is better in this respect than its predecessors, all Windows installations slow down considerably over time ("get stale") because of the way internal data is managed. Other operating systems are somewhat prone to the problem also, but Windows is generally considered the worst in this respect. As a rule, it's advisable to re-install Windows fresh every few years; more often on heavily used systems.

• Hard disk fragmentation.
  As a disk fills up and is modified repeatedly, the files get broken up into smaller and smaller pieces. This causes the hard drive arm to have to move around more ("head thrash") which slows down data access. (This is true of rotating mechanical drives, not SSDs.) Disk defrag utilities can reduce this problem considerably. Or one can backup the disk to another drive, reformat, and copy it all back, so that the files are contiguous again (for a while).

There are other causes of slowdown, but these are the ones encountered most often on personal systems.

[Regulator]

Um Yeah

That’s what happens when you hire armies of H1-Bs to regurgitate CrapCode day and night

It has memory leaks, crashes all the time for no good reason, and has backdoors everywhere since nobody thought about it and the Configuration Mgmt guys didn’t know or care

[hsmomx3]

On the disk clean-up, there are several items and I have no idea what is safe to delete and what should not be touched. For example, delivery optimization files.

[Hattie]

I disabled mine in Device Manager a long time ago. Could find no one who knew why it was there or what it did. Just turn it off.

[Chode]

wonderful...

[dayglored]

> On the disk clean-up, there are several items and I have no idea what is safe to delete and what should not be touched. For example, delivery optimization files.

There are utilities within Windows that can reduce the number of unneeded files (e.g. Accessories -> System Tools -> Disk Cleanup), and third-party utilities that can do even more.

I won't offer specific advice on what files to delete on someone else's system. Ya never know what lurks.

Do a full backup before running any such programs. And run a "verify" pass on it. If you're like me, do two full backups, in case the first one has problems down the line.

[Zathras]

You are more right than you know.
Intel Validation used to be one of the top notch groups within the company.

NOTHING got past this team without a really good reason.

Back 10 years ago, the Validation Team was forced (at threat of termination) to setup a validation group in Costa Rica.
Valued, experienced American workers were let go and the work was sent to Costa Rica.

About 3 years later, they started hearing reports of “Escapes” (Intel term for an ooops”

Validation Managers were thrown under the bus and blamed.
Very sad as great people were punished for something they were forced to implement.

[dayglored]

Re-reading my reply, ... oops. I assume you're talking about these:

http://www.thewindowsclub.com/can-i-delete-delivery-optimization-files-shown-by-disk-cleanup

If so, it does sound like you can delete them -IF- you have disabled Delivery Optimization (that link has details).

Do watch out for the ads on that page. Google has a number of other hits that might work better for you.

[Swordmaker]

Intel processors have a critical flaw inside their Management Engine, a deeply hidden separate processor inside the primary processor that is entirely independent of any operating system that is available to outside managers. Unfortunately, the flaws make it available to hackers as well. This has potential to affect Macs which also use Intel processors as well. — PING!

Intel Mac & PC Security Alert
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me