[RndTbl] big Intel bug with SMT firmware

Trevor Cordes trevor at tecnopolis.ca
Wed May 17 01:13:47 CDT 2017

Intel has announced a big (VCSSv3 8.4 and 9.8 critical) bug in their 
AMT/ISM/SBT technologies, which are mostly only in their business lines.  
Most consumer desktops will not be affected.  It seems more laptops than 
you would think are affected so if you have an Intel-based laptop from 0-6 
years old you might want to check this out.  If you have a desktop with a 
"Q" chipset (aka vPro) then you also are probably affected.

I'll repeat this so as to not cause undo alarm: MOST HOME DESKTOP SYSTEMS 

Looks like this flaw could let an attacker take full control of the 
system, probably including remote BIOS/desktop and/or OS image control 
(not sure about file system?).  Not sure if exploits are actually in the 
wild yet, but once they are, just using any public wifi could get you 
hosed.  And this isn't just a Windows user problem like all the 
RansomWare: this one is at the hardware/BIOS level so it affects all OS 

Patched firmware coming soon, or are already out.


Here's direct links to the list of affected systems for brands relevant to 
my customers (other brands are at the link above):


Note, for Lenovo laptops: W series W520 and up are affected, and most T 
and X series.

There are Windows (and maybe Ubuntu) programs you can d/l to check if you 
have an affected system.  Check the firmware site for your system often 
until a fix is posted and then apply it.

-- Your friendly neighbourhood MUUG security announcer

More information about the Roundtable mailing list