PC vendors scramble as Intel announces vulnerability in firmware [Updated]
 

In comp.os.linux.advocacy Caver1 wrote:
On 11/22/17 6:04 PM, Bobbie Sellers wrote:


*** Host Computer Information ***
Name: localhost.localdomain
Manufacturer: Dell Inc.
Model: Latitude E6420
Processor Name: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
OS Version: PCLinuxOS 2017 PCLinuxOS (4.13.14-pclos1)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 7.1.13.1088
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

==================================
bliss


Dell has a list of it's computers that are at risk an it is quite long.

http://www.dell.com/support/article/...00086-?lang=en

I guess Lenovo also has one online.

According to the Intel advisory, among the Core line, only gen 6,7,8
are affected. So no need to run the detection tool on the 2620M above,
as it's a gen 2. Likewise, mine's a 2760QM, so I'm not going to bother.

PC vendors scramble as Intel announces vulnerability in firmware [Updated]
 

At Thu, 23 Nov 2017 02:55:10 +0000 (UTC) owl wrote:


In comp.os.linux.advocacy Caver1 wrote:
On 11/22/17 6:04 PM, Bobbie Sellers wrote:


*** Host Computer Information ***
Name: localhost.localdomain
Manufacturer: Dell Inc.
Model: Latitude E6420
Processor Name: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
OS Version: PCLinuxOS 2017 PCLinuxOS (4.13.14-pclos1)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 7.1.13.1088
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

==================================
bliss


Dell has a list of it's computers that are at risk an it is quite long.

http://www.dell.com/support/article/...00086-?lang=en

I guess Lenovo also has one online.

According to the Intel advisory, among the Core line, only gen 6,7,8
are affected. So no need to run the detection tool on the 2620M above,
as it's a gen 2. Likewise, mine's a 2760QM, so I'm not going to bother.



I have a "Intel(R) Core(TM)2 Duo CPU T6670 @ 2.20GHz" in my Thinkpad R500 -- I
am guessing this is too old to have the ME feature. My desktop has an AMD
processor (AMD Phenom(tm) II X4 945 Processor). I also have an *old* Mac Mini
with some sort of (old) Intel processor, roughly of the same vintage as my
Thinkpad R500, possibly older. that I use as a build box.

--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
-- Webhosting Services

PC vendors scramble as Intel announces vulnerability in firmware [Updated]
 

On Thu, 23 Nov 2017 02:55:10 +0000 (UTC), owl
wrote:

In comp.os.linux.advocacy Caver1 wrote:
On 11/22/17 6:04 PM, Bobbie Sellers wrote:


*** Host Computer Information ***
Name: localhost.localdomain
Manufacturer: Dell Inc.
Model: Latitude E6420
Processor Name: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz
OS Version: PCLinuxOS 2017 PCLinuxOS (4.13.14-pclos1)

*** Intel(R) ME Information ***
Engine: Intel(R) Management Engine
Version: 7.1.13.1088
SVN: 0

*** Risk Assessment ***
Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

==================================
bliss


Dell has a list of it's computers that are at risk an it is quite long.

http://www.dell.com/support/article/...00086-?lang=en

I guess Lenovo also has one online.

According to the Intel advisory, among the Core line, only gen 6,7,8
are affected. So no need to run the detection tool on the 2620M above,
as it's a gen 2. Likewise, mine's a 2760QM, so I'm not going to bother.

4710HQ on my side. I guess I'm not affected.

PC vendors scramble as Intel announces vulnerability infirmware [Updated]
 

Bobbie Sellers wrote:
This is not as bad as painted by alarmists.
Most private systems are not at risk.
MS has a tool to check your Intel processors.
Below here are the URLs for the real story and
for the tools to check your system.


Two of my systems report vulnerabilty but I can't find clear instructions
from the URL below. One of the systems was built up from an MSI motherboard
and the MSI website has no mention of SA-00086.


For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

==================================
bliss

PC vendors scramble as Intel announces vulnerability infirmware [Updated]
 

On 2017-11-23, root wrote:
Bobbie Sellers wrote:
This is not as bad as painted by alarmists.
Most private systems are not at risk.
MS has a tool to check your Intel processors.
Below here are the URLs for the real story and
for the tools to check your system.


Two of my systems report vulnerabilty but I can't find clear instructions
from the URL below. One of the systems was built up from an MSI motherboard
and the MSI website has no mention of SA-00086.


For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

If it is just the firmware, then I would assume that the kernel firmware in
linux could handle it. Or is that not true?

And what can the manufacturers (who intel points you to to fix this) do abuot
it? And with many many computers not made by big long lived manufacturers does
this mean that Intel is just leaving most machines out to dry?



==================================
bliss

PC vendors scramble as Intel announces vulnerability in firmware[Updated]
 

In article
William Unruh wrote:

On 2017-11-23, root wrote:
Bobbie Sellers wrote:
This is not as bad as painted by alarmists.
Most private systems are not at risk.
MS has a tool to check your Intel processors.
Below here are the URLs for the real story and
for the tools to check your system.


Two of my systems report vulnerabilty but I can't find clear instructions
from the URL below. One of the systems was built up from an MSI motherboard
and the MSI website has no mention of SA-00086.


For more information refer to the SA-00086 Detection Tool Guide or the
Intel security advisory Intel-SA-00086 at the following link:
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

If it is just the firmware, then I would assume that the kernel firmware in
linux could handle it. Or is that not true?

And what can the manufacturers (who intel points you to to fix this) do abuot
it? And with many many computers not made by big long lived manufacturers does
this mean that Intel is just leaving most machines out to dry?

Pentium FDIV bug.

Intel is historically sloppy.

PC vendors scramble as Intel announces vulnerability in firmware [Updated]
 

Anonymous writes:
Pentium FDIV bug.

Intel is historically sloppy.

Sloppy compared to what? Most (all?) CPUs have/had bugs.

--
https://www.greenend.org.uk/rjk/

PC vendors scramble as Intel announces vulnerability in firmware[Updated]
 

In article
Richard Kettlewell wrote:

Anonymous writes:
Pentium FDIV bug.

Intel is historically sloppy.

Sloppy compared to what? Most (all?) CPUs have/had bugs.

not to the degree intel cpus do. modern intel is like cyrix.

Is it that bad? I had no idea about this controversy so I'm thinking it's overblown. But maybe I'm wrong.