Intel warns of critical security flaw in CSME engine

erek

[H]ardness Supreme
Joined
Dec 19, 2005
Messages
4,408
Bogus response from Intel.

"Intel has warned of a critical vulnerability in the CSME security engine and has urged users to apply a fix, now available, as quickly as possible.

The Intel Converged Security and Management Engine (CSME) is a chipset subsystem that powers Intel's Active Management technologies.

According to a security advisory published on Tuesday, CSME is subject to a firmware vulnerability, found internally by Intel's security team, which if exploited allows local threat actors to launch escalation of privilege, denial of service, and information disclosure attacks.

Tracked as CVE-2019-14598, the vulnerability has been awarded a CVSS base score of 8.2, which deems the issue critical -- the highest severity rating."


https://www.zdnet.com/article/intel-warns-of-critical-security-flaw-in-csme-engine/
 
Joined
Dec 7, 2010
Messages
620
This isn't even funny anymore...
I's just reality - no piece of software is ever completely secure.
At least this time Intel disclosed the problem and provided a patch without excuses and diversions.
Of course, it would be better for all if none of this software was closed-source to begin with.
 
Top