Source: Windows Central
What you need to know
- It's been discovered that a security bug affecting many Intel systems is worse than initially thought.
- The bug lies within the Converged Security and Management Engine, meaning it can't be fully fixed with software or firmware updates.
- To fully fix the issue, people would have to replace the CPU of their device.
A security bug affecting many Intel systems is worse than previously thought. The bug affects the majority of Intel CPUs released in the last five years. The bug lies within the Converged Security and Management Engine (CSME), meaning it can't be fully fixed with software or firmware updates. Positve Technologies breaks down the bug and explains the risks that it potentially raises for PCs.
The issue leaves systems that are affected open to physical or local attacks. Mark Ermolov, the author of the report from Positive Technologies, says that the bug can be potentially exploited through local access, stating, "Some of them might require local access; others need physical access."
Because the issue is within the CSME, it can't be fixed without changing hardware. CSME is the "Root of Trust" for security on a platform. LaptopMag explains that "the system relies on it as a trusted source of cryptographic security," adding, "Because the flaw is in the bootROM of CSME it cannot be changed after manufacturing."
According to Positive Technologies, people that want to exploit this vulnerability will look to extract a hardware key which is used to encrypt the Chipset Key. That key is not platform-specific, meaning that a single key could be used for "an entire generation of Intel chipsets." Positive Technologies believes that extracting this key is "only a matter of time," adding "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
When ZDNet asked for a comment from Intel, Intel reaffirmed that the bug can only be exploited through physical access. It also urged people to apply the May 2019 updates.

ID@Azure is a new program for indie cloud development, based on ID@Xbox
Microsoft is spinning up a new program aimed at introducing independent devs and teams to Azure cloud-based services and infrastructure, according to this new job listing.

Microsoft is testing 1080p xCloud streams for Xbox Game Pass gaming
Xbox Game Pass Ultimate is currently limited to 720p for streaming to mobile devices, but we've seen evidence that it's about to get bumped up to 1080p. Here's what you need to know.

Here are 10 Xbox games that need 'FPS Boost'
FPS Boost is another impressive feature currently available in the Xbox backwards compatibility utility belt. Here are 10 games we want to see take advantage of enhanced framerates.

The CPUs you want to put in your next budget PC build
PC builds don't have to be expensive. Even CPUs, which can be one of the pricier parts of a build, don't have to break the bank.