Intel warns of critical security flaw in CSME engine


[H]ardness Supreme
Dec 19, 2005
Bogus response from Intel.

"Intel has warned of a critical vulnerability in the CSME security engine and has urged users to apply a fix, now available, as quickly as possible.

The Intel Converged Security and Management Engine (CSME) is a chipset subsystem that powers Intel's Active Management technologies.

According to a security advisory published on Tuesday, CSME is subject to a firmware vulnerability, found internally by Intel's security team, which if exploited allows local threat actors to launch escalation of privilege, denial of service, and information disclosure attacks.

Tracked as CVE-2019-14598, the vulnerability has been awarded a CVSS base score of 8.2, which deems the issue critical -- the highest severity rating."
Dec 7, 2010
This isn't even funny anymore...
I's just reality - no piece of software is ever completely secure.
At least this time Intel disclosed the problem and provided a patch without excuses and diversions.
Of course, it would be better for all if none of this software was closed-source to begin with.