Hacker News new | past | comments | ask | show | jobs | submit login

Considering ME firmware isn’t generally patched - wouldn’t that be the most lucrative exploit possible?



It actually does get patched through firmware updates.


How many are actually applied? I wouldn't know how to patch ME on anything I own, even if I cared to.


I've definitely seen Windows update push firmware updates but that was on a Surface so not sure if it's a first-party only thing or if any OEM can use that channel.


On windows, do nothing, it will be applied automatically. On linux and mac, press update in the app store / gnome software.


Does your aunt know how to apply bios updates? And that's assuming such updates are available at all. I searched up various Z170 (released mid 2015) chipset motherboards, and the bios updates seem to end around early-mid 2018. That works out to around 3 years of patches. It's therefore reasonable to assume that if any exploit was discovered today, any systems 3+ year old are sitting ducks.


She doesn't need to know. They'll come through Windows update and automatically be applied.


Are we talking about the same thing here? Microcode updates might be delivered through windows update but is ME updates delivered through that? Or is it through bios updates?


Even on linux its trivial. Just pressing update in the gnome software program will update the firmware.


My aunt probably isn't running a corporate machine that would HAVE the IME in it. It's a business-oriented feature that is part of the chipset, not the CPU.


If you see xyz magic string, take the next 1000 bytes and execute them.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: