The Intel Management Engine exposes a new vulnerability
Intel Management Engine was previously found to be a severe security vulnerability, and Intel and various operating system developers have since blocked the vulnerability.
The serious reason is that the ME management engine driver is a separate operating system, so even if the computer is properly shut down, it cannot be attacked.
Although the security vulnerability Intel-SA-00086 has been successfully repaired, Russian researchers still find that the management engine has security flaws.
Management Engine (ME) manufacturing mode:
The Intel ME comes with a manufacturing model for factory commissioning. Usually, the attached manufacturing mode must be turned off before the device leaves the factory.
However, Intel officials have not issued a document on the risk of the ME management engine manufacturing model, so many vendors are not aware of the potential risks of not closing.
This time, Russian researchers used the Intel-SA-00086 vulnerability through the manufacturing model, which means that the repair of this vulnerability is not entirely exploitable.
Many devices have not closed the manufacturing mode at the factory:
As a tool manufacturing mode for factory commissioning, there is no problem. The problem is that the factory does not shut down the ME management engine manufacturing mode before leaving the factory.
For example, the researchers found that some of Apple’s laptops did not close the manufacturing model, and attackers could use this flaw to attack the ME management engine successfully.
Of course, the openness of the vulnerability now means that the vulnerability may have been fixed. For example, Apple has fixed the ME vulnerability submitted by researchers in the earlier update.
Users can also click here to download the Python detection code published by the researcher, which can detect if the system is affected by the ME manufacturing model.