Intel SPI Flash Flaw Allows BIOS and UEFI Deletion

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Apr 16, 2018.

  1. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    Messages:
    52,329
    Joined:
    May 18, 1997
    While having your OS compromised is certainly not a good thing, but I assure you that most [H]'ers would rather see their OS corrupted with malware than your BIOS or UEFI being deleted. Don't worry though, this only affects pretty much every Intel CPU in use today, so at least there is an upside. Seems that Bleeping Computer has been talking to Lenovo on this. Maybe we could get them to ask Lenovo about NVIDIA GPP? Thanks cageymaru.


    According to Lenovo, who recently deployed the Intel fixes, "the configuration of the system firmware device (SPI flash) could allow an attacker to block BIOS/UEFI updates, or to selectively erase or corrupt portions of the firmware."

    Intel deployed fixes for this vulnerability (CVE-2017-5703) on April 3. The chipset maker says the following CPU series utilize unsafe opcodes that allow local attackers to take advantage of this security bug:
     
  2. trparky

    trparky Gawd

    Messages:
    629
    Joined:
    Jul 23, 2009
    Help! I'm drowning in sarcasm! :ROFLMAO:

    First Spectre and Meltdown? Now this? Intel you suck!
     
  3. ep0x73

    ep0x73 2[H]4U

    Messages:
    2,533
    Joined:
    Sep 5, 2013
    Yet Intel stock is trending much higher recently, strange
     
  4. Chebsy

    Chebsy Limp Gawd

    Messages:
    412
    Joined:
    Jan 24, 2013
    Thank god I went with a Ryzen 7 !!!
     
  5. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    956
    Joined:
    Jan 24, 2018
    Because investors know that anything Wintel-based is fucked & their pet security companies will make bank.
     
  6. erek

    erek [H]ard|Gawd

    Messages:
    1,707
    Joined:
    Dec 19, 2005
    I'm still waiting for ASUS to provide a BIOS update for Spectre/Meltdown or whatever much less this new flaw ... :-\ Can't wait til Threadripper 2
     
    WhoMe likes this.
  7. WhoMe

    WhoMe Gawd

    Messages:
    737
    Joined:
    Jan 3, 2018
    If somebody is attacking my computer locally...it means they are walking out the door with it (and bleeding from the dog bites).
     
  8. thenapalm

    thenapalm Limp Gawd

    Messages:
    333
    Joined:
    Dec 6, 2001
    Someone quick call CTS Labs and get them on the case!
     
  9. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    12,236
    Joined:
    Aug 16, 2004
    Yay, supposedly none of my systems are vulnerable as my newest is running a 4930k. Looks to only be gen 5 and higher.
     
    Big_Rig_Stig likes this.
  10. Brackle

    Brackle Old Timer

    Messages:
    7,220
    Joined:
    Jun 19, 2003
    Where is CTS Labs when we need them! Intelflaws.com anyone?
     
  11. knowom

    knowom Limp Gawd

    Messages:
    238
    Joined:
    Aug 15, 2008
    Intel has really given me renewed faith and confidence in McAfee with all it's security flaws I know I'm sold on it's protection.
     
    GDI Lord and Big_Rig_Stig like this.
  12. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    956
    Joined:
    Jan 24, 2018
    That's why I use steaks laced with Quaaludes...
     
    Revdarian and cyberguyz like this.
  13. Big_Rig_Stig

    Big_Rig_Stig Gawd

    Messages:
    956
    Joined:
    Jan 24, 2018
    Why bother? Who's gonna go thru that much effort to attack you and your porn stash data?
     
    auntjemima likes this.
  14. WhoMe

    WhoMe Gawd

    Messages:
    737
    Joined:
    Jan 3, 2018
    Might work with the golden retriever, she'll eat anything: the rest would be too busy eating you. Seriously it's not as easy drugging dogs with pills as people think...their digestive tracks are short and they don't always adsorb as much as you'd think.
     
  15. Elf_Boy

    Elf_Boy 2[H]4U

    Messages:
    2,049
    Joined:
    Nov 16, 2007
    Looks like all the decisions security vs speed are coming home to roost.

    Wonder how many people were fired, demoted, reassigned, or pushed out, for speaking up against such decisions?
     
    trparky and erek like this.
  16. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,150
    Joined:
    Sep 13, 2008
    So much fanboyisme in this thread ( on both parts)
     
  17. trparky

    trparky Gawd

    Messages:
    629
    Joined:
    Jul 23, 2009
    The more I think about it the more I think that going with AMD Ryzen is a good idea.
     
  18. velusip

    velusip [H]ard|Gawd

    Messages:
    1,312
    Joined:
    Jan 24, 2005
    Local access vulnerabilities should still be treated as critical as ever. I know there was lots of downplaying of these kinds of defects recently after the CTS Labs hype, but let's not get too complacent. We're already way down on the slippery slope when it comes to <insert literally everything wrong with the world>.
     
  19. Uvaman2

    Uvaman2 2[H]4U

    Messages:
    2,279
    Joined:
    Jan 4, 2016
    I would say the same as I would for AMD if it's a local attacker all bets are off anyway.
     
  20. horskh

    horskh n00bie

    Messages:
    41
    Joined:
    Jan 19, 2018
    So where is the white paper regarding Intel stock as junk, eventually reaching $0.00?
     
    Revdarian likes this.
  21. cyberguyz

    cyberguyz Limp Gawd

    Messages:
    259
    Joined:
    Aug 28, 2014
    Gigabyte (and possibly others) have been using 2 bios/ufei chips just about forever. Asus (and possibly others) has had a way to emergency flash your bios with a backup image when you power up your system for a few years now.

    I don't think this kind of thing is such a huge problem anymore.
     
  22. ep0x73

    ep0x73 2[H]4U

    Messages:
    2,533
    Joined:
    Sep 5, 2013
    well, only if they were shorting the stock. Intel is actually at their 52 week high so somebody is investing with confidence.
     
  23. trparky

    trparky Gawd

    Messages:
    629
    Joined:
    Jul 23, 2009
    Yeah, they see a whole bunch of people having to replace their processors over this shit.
     
  24. knowom

    knowom Limp Gawd

    Messages:
    238
    Joined:
    Aug 15, 2008
    I wouldn't be shocked if Intel was responsible for the DRAM shortage and just bought up supply to keep system build costs much higher til they launched a CPU that was more competitive. Who would put that past Intel after all and/or Micron for that matter. To me that seems like par for course for the type of **** that Intel would pull.
     
    Master_shake_ likes this.
  25. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    6,565
    Joined:
    Apr 9, 2012
    Intel stock should be worth zero.

    #intelflaws.com
     
  26. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,718
    Joined:
    Jun 7, 2007
    It's a bigger issue with servers that need to be online 24hrs a day, or the like. For home users it's more of a nuisance than a money issue, unless you have to buy a new motherboard because of it.
    The gigabyte x370 k5 would be hosed after two corrupt bioses, btw. It doesn't have any way to flash the backup while on the main bios.
     
  27. Patton187

    Patton187 Limp Gawd

    Messages:
    347
    Joined:
    Feb 12, 2012
    When
    When you really think about it, on a long enough timeline, all stocks are worthless.
     
    clockdogg likes this.