In the world of cyber security, new threats are discovered literally on a daily basis. Typically, though, in the digital world issues are addressed quickly once they are discovered. Well, some of the time.
Apparently that is not the case with Intel platforms produced over the past decade. I came across an article at SemiAccurate.com, a technology news site I subscribe to, that took me somewhat by surprise.
According to the article, “Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. There is literally no Intel box made in the last 9+ years that isn’t at risk.” I agree with the author’s next statement that, “This is somewhere between nightmarish and apocalyptic.” (https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/)
As a cyber security expert, I look for exploitable security holes and have come to expect to find them. Hackers manage to do a great job of revealing them shortly after product delivery. Once discovered, the OEMs tend to address the issues immediately. I’m a little surprised that it has taken Intel so long to address their security hole issues and seemingly with great reluctance.
Finally, according to SemiAccurate.com, “The hole is being fixed and Intel is issuing a patch.” They also say that, “Intel has some mitigation options for the affected users, that is you, whether you know it or not. They have two fixes for provisioned AMT and non-provisioned boxes, both prevent the issue from happening until the firmware update has been distributed by OEMs. Unfortunately since this issue is not disclosed officially yet, they won’t tell you what it is. Due to the severity of the issue, we highly recommend you make these changes immediately, don’t wait for the official disclosure.” (https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/)
If your system is 10 years old or newer, it’s likely you have vulnerable Intel platforms with exploitable security holes that need to be secured. The best course of action is to check for patches daily and install all patches immediately. If there is no patch, back up data and replace.