Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00021
HistoryDec 21, 2009 - 12:00 a.m.

SINIT misconfiguration allows for Privilege Escalation

2009-12-2100:00:00
Intel Security Center
www.intel.com
8
JSON

Summary:

An updated SINIT Authenticated Code Module (ACM) is available for affected Intel products to correct a misconfiguration that allows for the circumvention of Intel® Trusted Execution Technology.

Description:

A misconfiguration in SINIT code could potentially allow a malicious attacker to circumvent Intel® Trusted Execution Technology and elevate their privileges. Intel has released an updated SINIT Authenticated Code Module (ACM) to correct this misconfiguration.

Affected products:

Systems with Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets.

Recommendations:

While Intel is not aware of any use of the vulnerabilities described in this advisory, Intel has made an updated SINIT Authenticated Code Module (ACM) available to mitigate this issue. It is highly recommended to apply this updated Authenticated Code Module (ACM).

If you are using a Trusted Execution Technology enabled SW (MLE) that uses SINIT modules: Q35_SINIT_XX.BIN, GM45_GS45_PM45_SINIT_XX.BIN, or Q45_Q43_SINIT_XX.BIN, you are affected Intel has made updated SINIT modules available to mitigate this issue. Please contact your MLE vendor or evaluate your measured launch process to determine if an update is required. Updated SINIT Modules can be obtained from http://sourceforge.net/projects/tboot/files/. The table below shows the SINIT Modules by platform. Refer to the Measured Launched Environment Developers Guide if you have additional questions on SINIT. You can download the Measured Launched Environment Developers Guide at <http://download.intel.com/technology/security/downloads/315168.pdf&gt;.

JSON