threatpost[.]com/intel-patches-nine-year-old-critical-cpu-vulnerability/125331/
"Intel Patches Nine-Year-Old Critical CPU Vulnerability"
I think some people in the forums are involved with PCs in a work or biz environ, so wanted to post this in case it matters to them.
Intel patched a critical vulnerability that dates back nine years and impacts business desktop PCs that utilize the company’s Active Management Technology...Moss said no consumer PCs are impacted and that Intel is unaware of any exploitation of this vulnerability in the wild.
Mitigation of the vulnerability include a firmware update for some models or alternatively removing or disabling Local Manageability Services (LMS) from impacted systems, according to the Intel security advisory...
Matthew Garrett, a developer at Red Hat, wrote on his blog Monday that the flaw will only impact those that have explicitly enabled Active Management Technology at some point. “Most Intel systems don’t ship with AMT. Most Intel systems with AMT don’t have it turned on,” he said.
Garrett added, fixing the problem won’t be easy for Intel or admins. “Fixing this requires a system firmware update in order to provide new ME firmware (including an updated copy of the AMT code). Many of the affected machines are no longer receiving firmware updates from their manufacturers, and so will probably never get a fix. Anyone who ever enables AMT on one of these devices will be vulnerable,” he said.