Vanotsvaga kubva Positive Technologies yakaratidza kusagadzikana kutsva (CVE-2019-0090) izvo inobvumira kupinda kwemuviri kukomputa kuti ibvise iyo kiyi yemidzi yeplatform (iyo chipset kiyi), iyo inoshandiswa semudzi wekuvimba mukubvumikisa akasiyana mapuratifomu, kusanganisira TPM (Yakavimbika Platform Module firmware) uye UEFI.
Kunetseka inokonzerwa nekanganiso mu Hardware uye firmware Intel CSME, , que iyo iri mubhokisi ROM, izvo zvakakomba zvakanyanya sezvo kukanganisa uku hakugadziriswe nechero nzira.
Iyo CVE-2019-0090 kunetseka inoreva kune yakachinjika chengetedzo uye manejimendi injini (CSME) pane mazhinji Intel CPUs akaburitswa mumakore mashanu apfuura, neaya gumi magengen iterations ari iwo ega.
Iri dambudziko hombe nekuti rinopa macryptographic checks yakaderera nhanho apo mamaboard bhutsu, pakati pezvimwe zvinhu. Ndicho chinhu chekutanga chaunomhanya kana iwe ukarova switch yemagetsi uye mudzi wekutenda kune zvese zvinotevera.
Nekuda kwekuvapo kwehwindo panguva yekutangazve kweIntel CSME semuenzaniso, kana uchibva kunze kwekurara modhi.
Kuburikidza nekunyepedzera neDMA, data rinogona kunyorerwa Intel CSME static memory uye memory peji matafura anogona kuchinjwa Intel CSME yakatotanga kutemerwa kuuraya, bvisa kiyi kubva papuratifomu uye ugamuchire kutonga pamusoro pechizvarwa chemakiyi ekunamatira eIntel CSME module Rondedzero yekushomeka kwekushandisa iri kurongwa kuburitswa gare gare.
Kuwedzera pakuburitsa kiyi, iko kukanganisa zvakare kunotendera kuitiswa kwekodhi padanho rerombo zero kubva kuIntel CSME (Yakashandurwa Manageability uye Yekuchengetedza Injini).
Intel akacherekedza dambudziko rinenge gore rapfuura uye muna Chivabvu 2019 mitsva yakaburitswa firmware iyo, kunyangwe ivo vasingakwanise kuchinja kodhi iri nyore muROM, kunyangwe hazvo vachinzi vari "kuyedza kuvhara nzira dzinogona kushanda padanho remunhu mumwe weIntel CSME module."
Zvinoenderana nePositive Technologies, mhinduro yacho inongovhara vector imwe yekushandisa. Ivo vanotenda kuti kune dzimwe nzira dzekurwisa uye dzimwe hadzidi kuwanikwa kwemuviri.
"Panogona kunge paine nzira zhinji dzekushandisa kusagadzikana uku muROM, kwete dzese dzinoda kupinda mumuviri, kumwe kuwana chete kune chekuita nemalware yemuno."
Sekureva kwaMark Ermolov, Principal OS uye Hardware Security Nyanzvi paPositive Technologies, nekuda kwenzvimbo yayo, iko kukanganisa kwakafanana neCheckm8 boot ROM inoshandisa zvishandiso zveIOS iyo yakaburitswa munaGunyana uye inoonekwa seyakaipisisa jeri.
Pakati pemhedzisiro inogona kuitika kuwana kiyi mudzi wepuratifomu, Intel CSME chikamu firmware rutsigiro rwataurwa, kuzvipira kwe encryption masisitimu midhiya yakavakirwa paIntel CSME, pamwe ne mukana wekupamba EPID (Yakavandudzwa Yekuvanzika ID) kuendesa komputa yako kune imwe kuti ipfuure DRM kudzivirirwa.
Kana zvikaitika kuti mamodule eCSME akaomeserwa, Intel yakapa kugona kumutsiridza makiyi akabatana navo vachishandisa iyo SVN (Security Version Nhamba) mashandiro.
Mukana wekuwana kune mudzi kiyi wepuratifomu, maitiro aya haashande sezvo mudzi wemidziyo wepuratifomu uchishandiswa kugadzira kiyi yekunyorwa kweKutendeseka Kudzora Kukosha Blob (ICVB), iyo irisiti, uyezve, iyo inobvumidza kuumba kodhi yechero yeiyo Intel CSME firmware module.
Iri rinogona kunge riri dambudziko hombe Intel raizotarisana naro, sezvo matambudziko apfuura senge specter kana kunyungudika akarerutswa, asi iri idambudziko hombe nekuti iko kukanganisa kuri muROM uye sevatsvaguriri vanotaura kuti iyi mhaka haigone kugadziriswa nechero nzira.
Uye kunyangwe Intel iri kushanda kuti ikwanise "kuyedza kuvhara" nzira dzinogona kuitika, chero chavanoita hazvigoneke kugadzirisa kutadza.