Intel Processor Security Vulnerability (aka “Memory Sinkhole”)

Overview

On August 6th 2015, at the Black Hat security conference in Las Vegas, security researcher Christopher Domas demonstrated installing a rootkit in a PC's firmware. Domas nicknamed the demonstration a “memory sinkhole’. The attack exploited a feature built into x86 chips manufactured since the mid-1990’s until the 2011 release of Intel Xeon Processor E5-2600 Series (i.e., Sandy Bridge-EP).


The vulnerability exists in the Advanced Programmable Interrupt Controller (APIC), which could allow an attack against the System Management Mode (SMM) memory area used by the operating system to interface with the boot environment like BIOS, EFI, or UEFI. An attacker can exploit this vulnerability to utilize the most privileged of execution modes and potentially overwrite secure features in the boot environment. The demonstration exploit uses the UEFI code features to install a rootkit.

Potential Impact

HP has investigated the potential impact of this issue on our Enterprise products (i.e., Servers, Storage and Networking) and determined that HP ProLiant Gen8 and Gen9-series servers are not vulnerable, as Intel previously addressed this design flaw in Intel Xeon Processor E5-2600 Series and subsequent models of server processors. Please note that Intel Xeon Processor E5-2600 Series are used in ProLiant Gen8 servers.


In addition, HP has investigated the potential impact of this issue on HP ProLiant G5, G6 and G7-series servers and determined they are not vulnerable to the specific attack demonstrated by Christopher Domas at the Black Hat security conference. Intel is providing a microcode update for these servers which will prevent a potential security breach, if an attempt is made to exploit this vulnerability. As an added measure of security, HP plans to implement this microcode in updated ProLiant System ROMs, which will be made available for download on HP Support Center, at no cost to customers.


HP takes security vulnerabilities seriously and works collaboratively through organizations like the Information Technology Information Sharing & Analysis Center (IT-ISAC), government agencies and industry partners to share information about the vulnerabilities and how to effectively address them. HP consistently employs security controls and procedures to protect against attacks that target our systems and networks.

What can you do?

Please check back for updates to this page regarding the availability of updated System ROMs for ProLiant G5, G6 and G7-series servers.


In addition, you may subscribe to be proactively notified via e-mail of updated of drivers, software, and firmware, through HP Subscriber's Choice: Click here to sign up for Subscriber's Choice

Resources