Flaws found in Intel Management Engine (ME), TXE and SPS

kado897 said:

To be fair my HP lappy is only a month old so it should be well supported.

Hi @kado897
Congrat's on the new machine it's been wanted for quite a while :)

Hi,

When you say "you have to know exactly what FW you have" does that mean what is already installed so you can compare it to the new version or, you need to know for sure that the FW you pick to use is for your application? If the latter, how would you know?
How did you know that you needed a TPM?

Intel's tool tells you what your current MEI version is. So you jot that down and start hunting for Intel's FW updates on the web.
There are several subcategories as explained on this excellent site:

https://www.win-raid.com/t596f39-Int...tem-Tools.html

As for the TPM, I found out my machines were affected as I receive CVE security e-mails from MS and other companies.
http://support.ts.fujitsu.com/content/InfineonTPM.asp

Once again be careful with flashing firmware as it can render a machine unstable. When in doubt do not go ahead with it.
The main reason I went through with it is that I want to sell off one of the machines and wanted peace of mind for the prospective customer.

For further info on affected TPM's :

https://www.infineon.com/cms/en/prod...?redirId=59160

Cheers,

Many Thanks All

I'm only 12 years behind you Anak, but i love what it have, as for the the computer it will have to wait until april or more so in the meantime, what are the signs of a problem ? i mean this can be used as a botnet or worse? if stupid stuff loads before the OS it negates any AV/Mal and evething else.

DME

dmesal said:

i mean this can be used as a botnet or worse? if stupid stuff loads before the OS it negates any AV/Mal and evething else.

That is a valid concern but isn't really what this thread is about.

If you are worried about IME generally (rather than this bug) you need to use a (Intel) CPU made before 2010 as otherwise you are trusting Intel (or AMD) not to do anything you wouldn't like in their undisclosed coprocessor.

By design you can't tell from an OS level what it is doing - it is invisible.

• Thanks fdegrove for the added info and links, I'll be checking them out.

• DME; lx07 is right, and from what I can tell there wouldn't be any signs of a problem while the machine is being used as a bot or worse.

The attacker could also load and execute arbitrary code that would be invisible to the user and operating system...See Brinks original post and link

@lx07 and all

the question i think is what are the signs of intrusion or what ever word you want to use how do you know if when you have been hacked by (?) what log or XML or what ever (can i ask cortana of this?) does Intel/Toshiba have a cortana? something in easy English.

This sounds like a serious problem i don't mean to offend or anything but ????

DME

Good Day All

So i have seen something said about disabling ME but that would trash any warranty on the device.

dmesal said:

the question i think is what are the signs of intrusion or what ever word you want to use how do you know if when you have been hacked by (?)

You can't tell even in theory - that is the point.

There is no way to see what this does from OS (Windows) level.

Is this a potential problem? Certainly.

Is it a real problem? Almost certainly not or someone would have noticed and publicized it. Even on home network you check router logs which will show even what Windows doesn't know your PC is doing.

If I was a <redacted> I'd certainly worry about it. As I'm just a normal user I don't worry too much. I don't worry at all in fact.

Again this is all off topic for this thread.

If you are interested in what IME does then you could open a new thread but start by reading this - it is clear, well written and (I think) quite interesting. The Trouble With Intels Management Engine