Department of Chemistry Fulmer IT

PSA: HUGE security exploit in latest (Date: 11-29-2017)

Hello AGAIN Chemists,

Today a rather enormous exploit was discovered in MacOS High Sierra.

Long story short, a local user can gain root (full administrative) access without the root password.

 

When we turned on our (High Sierra) Mac it said it had just installed the update, so we know it auto-installs with priority so this should jeopardize very few users, HOWEVER if you have turned that off, are offline, or otherwise blocked automatic updates, PLEASE install Security Update 2017-001 ASAP!

 

Detailed info:

PSA UPDATE: HUGE Intel Management Engine (ME) (Date: 11-29-17)

Greetings Chemical Specialists!

As previously indicated, there is now more info and even patches/fixes for some currently available!

Most of us are running Lenovo or Dell laptops and desktops so I’ve put direct links below.

(This is an expected eMail to a specific audience so I’m going to leave links LIVE)

 

Lenovo Patch/Update for Intel ME/SPS/TXE Vulnerability (fixes for affected systems available NOW!):

https://support.lenovo.com/us/en/solutions/LEN-17297

Respect to Lenovo for being the first/only Intel partner to take this issue as seriously as they do.

 

Dell Patch/Update for Intel ME/SPS/TXE Vulnerability (Dell is behind on this; rather than posting fixes, they’re posting DATES when a fix SHOULD be available):

http://www.dell.com/support/article/us/en/19/sln308237/dell-client-statement-on-intel-me-txe-advisory–intel-sa-00086-?lang=en

 

SOME Dell servers have patches now:

http://www.dell.com/support/article/us/en/19/qna44242/dell-server-statement-on-intel-me-txe-advisory–intel-sa-00086-?lang=en

 

THANKFULLY Intel has now posted a page that lists most major manufacturers and their corresponding Support sites/pages that deal with this issue SPECIFICALLY!

If you have affected hardware, follow the respective link below to see the status of fixes for your hardware:

https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

(the page also has a link to the test tool used to determine vulnerability if you need)

 

REMINDERS:

  • Research Groups: We have very little insight into how many computers you may have, much less how many are vulnerable.  We need your groups to self-check any Intel processor based computer (desktops and laptops both) built (not purchased) in 2015 or later.  We can help guide you through the fix BUT we have to know said help is needed 😉
  • Students: Please keep in mind that university policy dictates that FulmerIT is not allowed to work on personal property.  That said, advice is always free 🙂
  • Don’t forget about computers at home and with friends/family!

PSA: Yet another computer hardware (Date: 11-22-17)

This is another HUGE one, so apologies ahead of time for the length.

So let’s start with:

Who is affected? – Pretty much EVERY Intel chip made since 2015.  Atom, Celeron, Pentium, Core, Xeon… nearly all of them, hence HUGE.

Strangely I cannot find any info on if this affects Intel powered Apple computers, so far I can’t find any info either way… reporting is early and poor at this stage.

This is a very new exploit that was only getting wide attention starting last night due to the holiday, I’m sure many additional details will become clear by Monday.

 

What Does It Do?

Long story short/simplified: an attacker could theoretically gain remote access, then elevate themselves to Admin level gaining complete control of the system.

(no compromised organizations are yet known, but now that this has gone public, it’s only a matter of time)

 

Well that IS Huge!  What’s Intel doing about it?!

Thankfully, Intel is treating this as seriously as it should, and Federal protection agencies are backing them up.

Per usual, you don’t need to take my word for it, here are a few articles you can read for yourself:

 

FulmerIT will need everyone’s help on this one!

Especially with the PI Groups, we do not have oversight over how many machines are active in the group/building, nor any managed way of bulk testing since there are so many computers that are not Active Directory (AD) members.  Therefore we’re forced to rely on each operator to run the detection tool on their computer(s) and let us know how many computers are affected, their name, physical location, IP address, and test results.

Next week I’ll have a form each operator can fill out in an attempt to make this as organized and painless as possible.

 

The easiest way to see if your systems are affected is to run the detection tool put out by Intel:

Get the Detection Tool here: https://downloadcenter.intel.com/
There are versions for both Windows and Linux, so I’m currently running under the assumption that Macs are somehow not affected.  I’ll update if I learn otherwise.

 

PC Folks: download the ZIP file, un-ZIP it to your DOWNLOADS folder, or somewhere else you have easy access to.  Open the sub-dir “DiscoveryTool.GUI” and double-click “Intel-SA-00086-GUI.exe”

You’ll get a report back that looks something like this:

Like me, you’ll probably find that it says, “This system is vulnerable”.  If so, it’s time to hurry up and wait for your motherboard’s manufacturer to publish a patch/fix.

Note how it lists the Motherboard Manufacturer and Model to take at least some of the sting out of this.
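For groups with several machines to report, the sketch below turns saved copies of the tool's report into the inventory rows requested above (name, location, IP address, test result). It is an added example, not FulmerIT's or Intel's code: the "Key: Value" report layout, the "not vulnerable" wording, the sample report and the function names are all assumptions; only the sentence “This system is vulnerable” comes from this PSA.

```python
import csv
import io
import re

# Constructed sample of a saved detection-tool report. The "Key: Value" layout
# is an assumption; only the verdict sentence is quoted from the PSA.
SAMPLE_REPORT = """\
Name: CHEM-LAB-07
Manufacturer: LENOVO
Model: 20FMS00000
Based on the analysis performed by this tool: This system is vulnerable.
"""

FIELDS = ["computer", "location", "ip", "manufacturer", "model", "result"]

def classify(text):
    """Map the report's verdict sentence to a short status."""
    lowered = text.lower()
    # Test the negative wording first: it is the more specific phrase.
    if "system is not vulnerable" in lowered:  # assumed wording
        return "not vulnerable"
    if "system is vulnerable" in lowered:
        return "vulnerable"
    return "unknown"  # tool error or partial output: needs a human look

def parse_report(text, location, ip):
    """Build one inventory row from a report plus operator-supplied details."""
    def field(key):
        m = re.search(rf"^\s*{key}\s*:\s*(.+?)\s*$", text,
                      re.MULTILINE | re.IGNORECASE)
        return m.group(1) if m else ""
    return {
        "computer": field("Name"),
        "location": location,  # the tool cannot know the room; operator supplies it
        "ip": ip,
        "manufacturer": field("Manufacturer"),
        "model": field("Model"),
        "result": classify(text),
    }

def to_csv(rows):
    """Render rows as CSV text with a fixed header, ready to send to IT."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    row = parse_report(SAMPLE_REPORT, "Room 000 (placeholder)", "192.0.2.10")
    print(to_csv([row]))
```

Rows that come back as "unknown" should be re-run or checked by hand rather than counted as safe.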

 

So I’m Vulnerable… Now What?!

Intel has created fixes, but since the tech affected is on motherboard BIOS chips, they are reliant on the motherboard manufacturers to fit the fix to their boards, test, then publish their updates on their respective support websites.  Do you see the problem here?

Thus far, Lenovo is the only company pushing really hard to deal with this.  If you have a Lenovo laptop/desktop/server, check their website for BIOS updates related to this exploit and follow the directions accordingly.  They claim they’ll have a patch available for all affected systems between yesterday and Black Friday.

Dell, HP, ASUS, and a few others have indicated that they have fixes in progress and should have updates ready for end-users to download and install by next week.

 

Like the last PSA I had to send out, this is a world-wide problem and will be constantly evolving.

There’s limited action that can be taken currently: while we can detect which systems are vulnerable, per above, fixes are just not widely available yet.

This PSA is putting everyone on-notice NOT to forget to deal with this; at home, work, and anywhere else you compute.

 

Many of the articles point out that the tool needs to be far more user friendly if essentially every PC/Linux user in the world should be doing this, hopefully they get there sooner than later….

Keep in mind how many devices in your life this may affect: home, work, family, friends, et al.

More to come.

 

Cliff Notes:

  • HUUUUUUGE Intel exploit discovered affecting nearly all their processors manufactured 2015 and newer.  Evolving issue.
  • Fixes largely NOT available yet –  but the detection tool IS!  Use it!
  • FulmerIT does NOT have oversight over how many computers are running in Fulmer/Troy, we need YOUR help on this endeavor, this is FAR too much for us to handle alone in a reasonable amount of time
    • Faculty and Research Groups need to run the Vulnerability check on ALL PC/Linux computers – a form will go out next week to help organize this
    • Staff: FulmerIT will be scheduling with you to fix your workstations individually once Dell has posted patches
  • Take the Holiday as an opportunity to spread the word to non-technical friends and family – while there’s not much we can do today, by the weekend there should be.