Aegisys Advisory: December 23rd Release - Windows Update INTEL release - Recommend DO NOT to install until further information may be sourced

On Dec23rd, INTEL Windows Updates have started to appear. It is our recommendation NOT to install these questionable updates at this time and to wait on more information. 

According to Zammit, the ME:

  • has full access to memory (without the parent CPU having any knowledge)

has full access to the TCP/IP stack

  • can send and receive network packets, even if the OS is protected by a firewall
  • is signed with an RSA 2048 key that cannot be brute-forced

cannot be disabled on newer Intel Core2 CPUs

  • the health of the ME firmware cannot be audited
  • no one outside of Intel has seen the code for the ME
  • the ME is a dedicated microcontroller on all recent Intel platforms

the first versions were included in the network card and later moved into the chipset

  • it shares flash with the BIOS but are completely independent of the CPU
  • it can be active when the system is hibernating or even turned off
  • it has a dedicated connection to the network interface.

NOTE: For Aegisys patch managed clients, please accept this as an advisory ONLY and no further action is required. Aegisys is already managing the release of your patches and maintaining the integrity of your systems