Re: more details here
And/or go direct to the source: Charlie Demerjian at SemiAccurate:
http://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
"The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.
First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.
[continues]
"
and the next day,
http://semiaccurate.com/2017/05/03/consumer-pcs-safe-intel-meamt-exploit/
"Are consumer PCs safe from the Intel ME/AMT exploit?
TLDR; There is a remote control mechanism in hardware that cannot be fully disabled and you cannot get Intel hardware without it. So while this patch may fix the current vulnerability this situation points to the urgent need for hardware diversity.
Monday SemiAccurate brought you news of a critical remote exploit in all 2008+ Intel CPU’s. Today we will walk you through a chain of thought based on further investigation on how it could be exploited.
Confidence Levels:
While this is only analysis we will note that we believe this is in the wild right now. We would like to make very clear that none of the information here has been publicly proven. However, follow us on an excursion and let us know if you come to a different conclusion. Or if you have other enlightening information, please send it our way.
[continues]"
Share and enjoy.