Linked by Thom Holwerda on Tue 10th Oct 2017 23:45 UTC
Intel

The Intel Management Engine ('IME' or 'ME') is an out-of-band co-processor integrated in all post-2006 Intel-CPU-based PCs. It has full network and memory access and runs proprietary, signed, closed-source software at ring -2, independently of the BIOS, main CPU and platform operating system - a fact which many regard as an unacceptable security risk (particularly given that at least one remotely exploitable security hole has already been reported).

In this mini-guide, I'll run through the process of disabling the IME on your target PC.

Apparently, the IME co-processor runs... MINIX 3. That is incredibly fascinating. This means every post-2006 Intel PC runs MINIX.

RE: Interesting process but ...
by Flatland_Spider on Wed 11th Oct 2017 17:20 UTC in reply to "Interesting process but ..."

IME is a security risk. The AMT/vPro security holes of the not-too-distant past illustrate the problem of this technology, and without a compelling reason to keep it around (i.e. a corporate setting which uses it for remote administration and provisioning of desktops), it should get nuked.

References:
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-int...
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-000...
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Sec...

Edited 2017-10-11 17:23 UTC

Score: 3