Back in November Intel disclosed and patched a number of security holes in its software.
One of the patched components was the Intel Management Engine (IME), which is described as a secret CPU inside of Intel’s CPUs.
The IME subsystem has separate threads, file system and processes. Before the bug was patched it could have allowed an attacker to gain unfettered access to an entire system.
The trouble is that any chink in the system’s armour could reopen this hole. A number of vendors have said that it’s a risk they’d rather their customers not have to deal with, and they will be disabling IME.
System76, a seller of Linux servers and notebooks, is one of the vendors that will disable IME on Intel-powered systems. “System76 will automatically deliver updated firmware with a disabled ME on Intel 6th, 7th, and 8th Gen laptops. The ME provides no functionality for System76 laptop customers and is safe to disable,” said the vendor in a blog post.
The merchant also implored Intel not to change how IME functions, so that users can still disable it.
BleepingComputer also reports that Dell has begun shipping notebooks with IME disabled, though the publication does admit that it isn’t sure how long this has been happening.
The message this sends to Intel, however, is clear and, to be frank, Team Blue should really be one of those companies that gets security right. Then again, if Apple can slip up we suppose anybody can, and at least there is a solution that doesn’t rely on a manufacturer to disseminate a patch.