Intel SPI Flash Flaw Allows BIOS and UEFI Deletion

[FrgMstr]

While having your OS compromised is certainly not a good thing, but I assure you that most [H]'ers would rather see their OS corrupted with malware than your BIOS or UEFI being deleted. Don't worry though, this only affects pretty much every Intel CPU in use today, so at least there is an upside. Seems that Bleeping Computer has been talking to Lenovo on this. Maybe we could get them to ask Lenovo about NVIDIA GPP? Thanks cageymaru.


According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."

Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:

 

[ep0x73]

Yet Intel stock is trending much higher recently, strange

 

[Chebsy]

Thank god I went with a Ryzen 7 !!!

 

[Big_Rig_Stig]

Yet Intel stock is trending much higher recently, strange

Because investors know that anything Wintel-based is fucked & their pet security companies will make bank.

 

[erek]

I'm still waiting for ASUS to provide a BIOS update for Spectre/Meltdown or whatever much less this new flaw ... :-\ Can't wait til Threadripper 2

 

[WhoMe]

If somebody is attacking my computer locally...it means they are walking out the door with it (and bleeding from the dog bites).

 

[thenapalm]

Someone quick call CTS Labs and get them on the case!

 

[cyclone3d]

Yay, supposedly none of my systems are vulnerable as my newest is running a 4930k. Looks to only be gen 5 and higher.

 

[Brackle]

Where is CTS Labs when we need them! Intelflaws.com anyone?

 

[knowom]

Because investors know that anything Wintel-based is fucked & their pet security companies will make bank.

Intel has really given me renewed faith and confidence in McAfee with all it's security flaws I know I'm sold on it's protection.

 

[Big_Rig_Stig]

If somebody is attacking my computer locally...it means they are walking out the door with it (and bleeding from the dog bites).

That's why I use steaks laced with Quaaludes...

 

[Big_Rig_Stig]

I'm still waiting for ASUS to provide a BIOS update for Spectre/Meltdown or whatever much less this new flaw ... :-\ Can't wait til Threadripper 2

Why bother? Who's gonna go thru that much effort to attack you and your porn stash data?

 

[WhoMe]

That's why I use steaks laced with Quaaludes...

Might work with the golden retriever, she'll eat anything: the rest would be too busy eating you. Seriously it's not as easy drugging dogs with pills as people think...their digestive tracks are short and they don't always adsorb as much as you'd think.

 

[Elf_Boy]

Looks like all the decisions security vs speed are coming home to roost.

Wonder how many people were fired, demoted, reassigned, or pushed out, for speaking up against such decisions?

 

[SvenBent]

So much fanboyisme in this thread ( on both parts)

 

[trparky]

Looks like all the decisions security vs speed are coming home to roost.

Wonder how many people were fired, demoted, reassigned, or pushed out, for speaking up against such decisions?

The more I think about it the more I think that going with AMD Ryzen is a good idea.

 

[velusip]

Local access vulnerabilities should still be treated as critical as ever. I know there was lots of downplaying of these kinds of defects recently after the CTS Labs hype, but let's not get too complacent. We're already way down on the slippery slope when it comes to <insert literally everything wrong with the world>.

 

[Uvaman2]

I would say the same as I would for AMD if it's a local attacker all bets are off anyway.

 

[horskh]

So where is the white paper regarding Intel stock as junk, eventually reaching $0.00?

 

[cyberguyz]

Gigabyte (and possibly others) have been using 2 bios/ufei chips just about forever. Asus (and possibly others) has had a way to emergency flash your bios with a backup image when you power up your system for a few years now.

I don't think this kind of thing is such a huge problem anymore.

 

[ep0x73]

Because investors know that anything Wintel-based is fucked & their pet security companies will make bank.

well, only if they were shorting the stock. Intel is actually at their 52 week high so somebody is investing with confidence.

 

[trparky]

well, only if they were shorting the stock. Intel is actually at their 52 week high so somebody is investing with confidence.

Yeah, they see a whole bunch of people having to replace their processors over this shit.

 

[knowom]

Yeah, they see a whole bunch of people having to replace their processors over this shit.

I wouldn't be shocked if Intel was responsible for the DRAM shortage and just bought up supply to keep system build costs much higher til they launched a CPU that was more competitive. Who would put that past Intel after all and/or Micron for that matter. To me that seems like par for course for the type of **** that Intel would pull.

 

[Master_shake_]

Intel stock should be worth zero.

#intelflaws.com

 

[Nobu]

Gigabyte (and possibly others) have been using 2 bios/ufei chips just about forever. Asus (and possibly others) has had a way to emergency flash your bios with a backup image when you power up your system for a few years now.

I don't think this kind of thing is such a huge problem anymore.

It's a bigger issue with servers that need to be online 24hrs a day, or the like. For home users it's more of a nuisance than a money issue, unless you have to buy a new motherboard because of it.
The gigabyte x370 k5 would be hosed after two corrupt bioses, btw. It doesn't have any way to flash the backup while on the main bios.

 

[Patton187]

When

Intel stock should be worth zero.

#intelflaws.com

When you really think about it, on a long enough timeline, all stocks are worthless.