Source: Windows Central
What you need to know
- It's been discovered that a security bug affecting many Intel systems is worse than initially thought.
- The bug lies within the Converged Security and Management Engine, meaning it can't be fully fixed with software or firmware updates.
- To fully fix the issue, people would have to replace the CPU of their device.
A security bug affecting many Intel systems is worse than previously thought. The bug affects the majority of Intel CPUs released in the last five years. The bug lies within the Converged Security and Management Engine (CSME), meaning it can't be fully fixed with software or firmware updates. Positve Technologies breaks down the bug and explains the risks that it potentially raises for PCs.
The issue leaves systems that are affected open to physical or local attacks. Mark Ermolov, the author of the report from Positive Technologies, says that the bug can be potentially exploited through local access, stating, "Some of them might require local access; others need physical access."
Because the issue is within the CSME, it can't be fixed without changing hardware. CSME is the "Root of Trust" for security on a platform. LaptopMag explains that "the system relies on it as a trusted source of cryptographic security," adding, "Because the flaw is in the bootROM of CSME it cannot be changed after manufacturing."
According to Positive Technologies, people that want to exploit this vulnerability will look to extract a hardware key which is used to encrypt the Chipset Key. That key is not platform-specific, meaning that a single key could be used for "an entire generation of Intel chipsets." Positive Technologies believes that extracting this key is "only a matter of time," adding "When this happens, utter chaos will reign. Hardware IDs will be forged, digital content will be extracted, and data from encrypted hard disks will be decrypted."
When ZDNet asked for a comment from Intel, Intel reaffirmed that the bug can only be exploited through physical access. It also urged people to apply the May 2019 updates.
Xbox hits 20, and Microsoft will broadcast live on November 15 to celebrate
Microsoft's Xbox hits its 20th anniversary this year, and the big X is planning a broadcast showcase to celebrate. Here's what we know so far.
Microsoft's gaming acquisitions to continue, says Xbox lead Phil Spencer
Xbox isn't done acquiring gaming studios, but the acquisitions have to be a "good match" for the team. Here's what Xbox chief Phil Spencer had to say on it.
How to expand Xbox Series X & Series S storage with an external drive
Xbox Series X introduces some notable changes to how storage and external hard drives function, with the introduction of the Xbox Series X Storage Expansion Card. Here’s which solution works for you and where to buy your next storage expansion.
Best CPU for ASUS ROG X570 Crosshair VIII Extreme 2021
If you've got the budget to cover the cost of the ASUS ROG X570 Crosshair VIII Extreme, you'll want to use the best AMD processor available. We've rounded up our recommendations for this monstrous motherboard.