by krylon 3342 days ago
As a sysadmin at a Windows shop, I don't know what to make of this. Has Intel commented on this, yet? Any OEM?

Joanna Rutkowska, who is a renowned security researcher, warned of something like this happening sooner or later[1], so I don't think I can afford to just ignore this.

But without something more specific to act on, there is nothing I can do, except wait for firmware updates to be released by various vendors. If that happens.

And what if Intel does make a statement that essentially says, "This is all total BS"? I wouldn't know whether to believe them or not.

The only scenario where I could have any degree of certainty would be if Intel came out and said, "Yeah there's an exploitable security hole in ME, here's a patch to disable it".

[1] http://blog.invisiblethings.org/papers/2015/x86_harmful.pdf

4 comments

As pointed out by another commenter, Intel has released the advisory:

https://security-center.intel.com/advisory.aspx?intelid=INTE...

It confirms much of the SemiAccurate report, but also includes this:

"This vulnerability does not exist on Intel-based consumer PCs."

Which seems to differ from what SemiAccurate was saying. I'm not sure if it's SemiAccurate being... er... not completely accurate :D, or if it's Intel trying to downplay things.

I guess we'll find out more over the next few days/weeks.

Looking at the Intel link, they take you down a path to see if you have vPro. That's on some i5s and i7s. So they are defining "consumer" roughly as "purchased at Best Buy or similar". There are certainly desktops in people's homes that have vPro. Even some of the higher-end NUCs have it.
Easier path: https://ark.intel.com/#@Processors

When I've purchased VirtualBox hosts, I've deliberately avoided stuff with vPro.

I assume this is a bug in a firmware version that's only used on enterprise class hardware, but that they assumed the bug also exists on consumer grade hardware on the basis of the circuits being mostly the same (and thus assuming the firmware is shared).

Believe it in proportion to the supporting evidence presented. At the moment, that's nothing except an appeal to the widespread belief that an Intel ME security flaw is inevitable.

Update, Intel has now confirmed that there's an issue: https://security-center.intel.com/advisory.aspx?intelid=INTE...

They claim that it doesn't affect consumer CPUs, but that leaves a ton vulnerable. It's pants-shitting time.

This thread (and the link for it) have some decent information, for those looking for it. It had a cross-link here, figured I might as well link back to it: https://news.ycombinator.com/item?id=14242508