{"id":7554,"date":"2017-05-08T04:30:08","date_gmt":"2017-05-08T12:30:08","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/05\/08\/news-1339\/"},"modified":"2017-05-08T04:30:08","modified_gmt":"2017-05-08T12:30:08","slug":"news-1339","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/05\/08\/news-1339\/","title":{"rendered":"Patch to fix Intel-based PCs with enterprise bug rolls out this week"},"content":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/05\/untitled-3-of-6-100721355-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Mon, 08 May 2017 04:31:00 -0700<\/strong><\/p>\n<p>PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack. \u00a0\u00a0<\/p>\n<p>Intel on Friday released a <a href=\"https:\/\/newsroom.intel.com\/news\/important-security-information-intel-manageability-firmware\/\">new notice<\/a> urging clients to take steps to secure their systems.<\/p>\n<p>The chipmaker has also released a <a href=\"https:\/\/downloadcenter.intel.com\/download\/26755\">downloadable tool<\/a> that can help IT administrators and users discover whether a machine they own has the vulnerability.<\/p>\n<p>In addition, vendors including <a href=\"http:\/\/support.ts.fujitsu.com\/content\/Intel_Firmware.asp\">Fujitsu<\/a>, <a href=\"https:\/\/support.hp.com\/us-en\/document\/c05507350\">HP<\/a>\u00a0and <a href=\"https:\/\/support.lenovo.com\/us\/en\/product_security\/LEN-14963\">Lenovo<\/a>\u00a0have released lists showing which products are affected and when the patches will roll out.\u00a0<\/p>\n<p>The products include laptops from Lenovo&#8217;s ThinkPad line and HP&#8217;s EliteBook series, along with servers, and desktops. Some of the patches are slated to come in June.<\/p>\n<p>Computers running enterprise management features found in Intel-based firmware from the past eight years will have the bug.<\/p>\n<p>Specifically, the <a href=\"http:\/\/www.pcworld.com\/article\/3193710\/security\/vulnerability-hits-intel-enterprise-pcs-going-back-10-years.html\">vulnerability<\/a>\u00a0resides in\u00a0past versions of Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability.\u00a0<\/p>\n<p>Fortunately, the vulnerability can only be exploited if these features have been enabled, according to security firm Embedi, which uncovered the bug.\u00a0<\/p>\n<p>These enterprise features were designed to help businesses remotely manage, track and repair huge fleets of connected computers, including retail checkout systems, digital signs, and PCs.<\/p>\n<p>However, Intel\u2019s firmware bug could allow a hacker to take over the PCs and devices that use these remote management technologies, the chipmaker said.\u00a0<\/p>\n<p>In March, Intel learned about the vulnerability from a researcher at <a href=\"https:\/\/www.embedi.com\/\">Embedi<\/a>, a security product provider.<\/p>\n<p>On Friday, Embedi <a href=\"https:\/\/www.embedi.com\/news\/what-you-need-know-about-intel-amt-vulnerability\">released<\/a> more technical details about the Intel firmware bug, saying it could be exploited to remotely control a machine\u2019s mouse and keyboard and even turn the computer on or off.<\/p>\n<p>\u201cWhich means, you can remotely load, execute any program to the target system,\u201d Embedi said.<\/p>\n<p>The vulnerability also bypasses the machine\u2019s authentication processes, so no knowledge of the password is needed, Embedi said.<\/p>\n<p>Until the patch becomes available, Intel is recommending users manually apply <a href=\"https:\/\/downloadcenter.intel.com\/download\/26754\">temporary fixes<\/a> to address the threat. Users can also contact Intel\u2019s <a href=\"https:\/\/supporttickets.intel.com\/?lang=en-US\">customer support<\/a>.<\/p>\n<p><a href=\"http:\/\/www.computerworld.com\/article\/3194990\/security\/patch-to-fix-intel-based-pcs-with-enterprise-bug-rolls-out-this-week.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"http:\/\/zapt3.staticworld.net\/images\/article\/2017\/05\/untitled-3-of-6-100721355-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Michael Kan| Date: Mon, 08 May 2017 04:31:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack. \u00a0\u00a0<\/p>\n<p>Intel on Friday released a <a href=\"https:\/\/newsroom.intel.com\/news\/important-security-information-intel-manageability-firmware\/\">new notice<\/a> urging clients to take steps to secure their systems.<\/p>\n<p>The chipmaker has also released a <a href=\"https:\/\/downloadcenter.intel.com\/download\/26755\">downloadable tool<\/a> that can help IT administrators and users discover whether a machine they own has the vulnerability.<\/p>\n<p>In addition, vendors including <a href=\"http:\/\/support.ts.fujitsu.com\/content\/Intel_Firmware.asp\">Fujitsu<\/a>, <a href=\"https:\/\/support.hp.com\/us-en\/document\/c05507350\">HP<\/a>\u00a0and <a href=\"https:\/\/support.lenovo.com\/us\/en\/product_security\/LEN-14963\">Lenovo<\/a>\u00a0have released lists showing which products are affected and when the patches will roll out.\u00a0<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3194990\/security\/patch-to-fix-intel-based-pcs-with-enterprise-bug-rolls-out-this-week.html#jump\">To read this article in full or to leave a comment, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[12184,714],"class_list":["post-7554","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-computer-processors","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7554","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7554"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7554\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7554"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7554"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7554"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}