This is another HUGE one, so apologies ahead of time for the length.
So let’s start with:
Who is affected? – Pretty much EVERY Intel chip made since 2015. Atom, Celeron, Pentium, Core, Xeon… nearly all of them, hence HUGE.
Strangely I cannot find any info on whether this affects Intel-powered Apple computers; so far I can’t find any info either way… reporting is early and poor at this stage.
This is a very new exploit that only started getting wide attention last night due to the holiday; I’m sure many additional details will become clear by Monday.
What Does It Do?
Long story short/simplified: an attacker could theoretically gain remote access, then elevate themselves to Admin level gaining complete control of the system.
(no compromised organizations are yet known, but now that this has gone public, it’s only a matter of time)
Well that IS Huge! What’s Intel doing about it?!
Thankfully, Intel is treating this as seriously as it should, and Federal protection agencies are backing them up.
Per usual, you don’t need to take my word for it, here are a few articles you can read for yourself:
FulmerIT will need everyone’s help on this one!
Especially with the PI Groups, we do not have oversight over how many machines are active in the group/building, nor any managed way of bulk testing since there are so many computers that are not Active Directory (AD) members. Therefore we’re forced to rely on each operator to run the detection tool on their computer(s) and let us know how many computers are affected, their name, physical location, IP address, and test results.
Next week I’ll have a form each operator can fill out in an attempt to make this as organized and painless as possible.
The easiest way to see if your systems are affected is to run the detection tool put out by Intel:
Detection Tool: https://downloadcenter.intel.com/download/27150
There are versions for both Windows and Linux, so I’m currently running under the assumption that Macs are somehow not affected. I’ll update if I learn otherwise.
PC Folks: download the ZIP file, un-ZIP it to your DOWNLOADS folder, or somewhere else you have easy access to. Open the sub-dir “DiscoveryTool.GUI” and double-click “Intel-SA-00086-GUI.exe”
You’ll get a report back that looks something like this:
Like me, you’ll probably find that it says, “This system is vulnerable”. If so, it’s time to hurry up and wait for your motherboard’s manufacturer to publish a patch/fix.
Note how it lists the Motherboard Manufacturer and Model to take at least some of the sting out of this.
So I’m Vulnerable… Now What?!
Intel has created fixes, but since the tech affected is on motherboard BIOS chips, they are reliant on the motherboard manufacturers to fit the fix to their boards, test, then publish their updates on their respective support websites. Do you see the problem here?
Thus far, Lenovo is the only company pushing really hard to deal with this. If you have a Lenovo laptop/desktop/server, check their website for BIOS updates related to this exploit and follow the directions accordingly. They claim they’ll have a patch available for all affected systems between yesterday and Black Friday.
Dell, HP, ASUS, and a few others have indicated that they have fixes in progress and should have updates ready for end-users to download and install by next week.
Like the last PSA I had to send out, this is a world-wide problem and will be constantly evolving.
There’s limited action that can be taken currently: while we can detect which systems are vulnerable, per above, fixes are just not widely available yet.
This PSA is putting everyone on-notice NOT to forget to deal with this; at home, work, and anywhere else you compute.
Many of the articles point out that the tool needs to be far more user friendly if essentially every PC/Linux user in the world should be doing this; hopefully they get there sooner rather than later…
Keep in mind how many devices in your life this may affect: home, work, family, friends, et al.
More to come.
- HUUUUUUGE Intel exploit discovered affecting nearly all their processors manufactured 2015 and newer. Evolving issue.
- Fixes largely NOT available yet – but the detection tool IS! Use it!
- FulmerIT does NOT have oversight over how many computers are running in Fulmer/Troy. We need YOUR help on this endeavor; this is FAR too much for us to handle alone in a reasonable amount of time
- Faculty and Research Groups need to run the Vulnerability check on ALL PC/Linux computers – a form will go out next week to help organize this
- Staff: FulmerIT will be scheduling with you to fix your workstations individually once Dell has posted patches
- Take the Holiday as an opportunity to spread the word to non-technical friends and family – while there’s not much we can do today, by the weekend there should be.