5 Mar
2020
5 Mar
'20
8:35 p.m.
Interesting article today from Positive Technologies. https://www.ptsecurity.com/ww-en/about/news/unfixable-vulnerability-in-intel...
I can't tell if this creates an opportunity for users to fully control ME on affected computers (via coreboot/me_cleaner), or if this is a nail in the coffin.
In particular the following statement was interesting: "In ROM, this vulnerability also allows for arbitrary code execution at the zero level of privilege of Intel CSME. No firmware updates can fix the vulnerability."