310 New Vulnerability (1/5)

Something is not right.

External pressure did not make Maebori completely lose the ability to think.

The final description of another vulnerability in the annex, while incomplete, made Maebori nervous.

After a simple verification based on this description, Maebori instantly believed that Wang Yufei was indeed holding a mine in his hand.

Maebori didn't call Wang Yufei, though; instead he took the initiative to go to Stephen's office as soon as possible.

"Is the deal done?" asked Stephen, putting down his work and frowning, in a tone that wasn't very friendly.

Wasn't the reason he had to work overtime in the office so late that the company had to deal with the aggressive lawyer in China?

If the technical department had completed the design of the CPU with a lean mentality, without these vulnerabilities being found, why would he need such a headache?

Of course, it was also because that Mike from Jones Law Firm was too greedy.

The settlement plan of tens of millions of dollars was directly returned, and the other party even asked for a billion dollars!

It was just as well that Mr. Mike from Jones & Associates was not in front of him.

If that man had dared to quote such a price in front of him, Stephen swore that he would definitely have taken out a gun and directly "burst" this greedy guy, without hesitating for half a second.

For some reason, at the thought of dealing with these greedy guys next, Stephen even felt that Wang Yufei, who could provide the vulnerability to Intel and ask for just Intel's move to release the brain-computer chip, was even cute.

"Yes, the transaction is complete, and based on the vulnerability information provided by the other party, we have determined the cause of the vulnerability. The exploit is still an optimized feature in modern CPU architecture, and the command ......"

"That's it!"

Stephen raised his hand tiredly to stop Maebori from continuing, and then said: "I'm not interested in the specific reason for the leak, you can just make a written report and report it to the board of directors. What I need to know is when you'll be able to patch these vulnerabilities."

"This is a structural vulnerability that is difficult to patch at the hardware level, and we will roll out firmware patches as soon as possible. But at the same time, we can provide this vulnerability to our friends, and I believe that friends can minimize the impact of the vulnerability through system updates again. As for solving the problem completely, we may need to redesign the security policy in the next generation of CPUs," Maebori reported decently.

This answer did not surprise Stephen.

A CPU relies on pre-designed logic circuits to work, and once a vulnerability is exposed, patching it is much more troublesome than patching a software vulnerability, which is why the CPU vulnerability problem has not been completely solved to this day.

Of course, as long as there are no major problems at the user level, it's OK.

"Well, that's probably good news, so what are you doing here? Don't tell me there's bad news." Stephen stared at Maebori, who was about to speak, and suddenly had a bad premonition in his heart.

"Yes, Mr. Stephen. There is indeed bad news, and he did provide us with the agreed loopholes. But at the end, he also added a piece of incomplete vulnerability information, which, according to the lab's analysis, if true, could affect almost all Intel CSME, SPS, TXE, DAL, and Intel AMT users."

Maebori reported cautiously.

Then their eyes met again and lingered, until Maebori was the first to shift his gaze.

There was a lot of pressure, and Maebori suddenly felt that he couldn't stay in this position, but it seemed that it would be okay for him not to have to face this humiliation.

Thinking that the child who provided him with the vulnerability was only seven or eight years older than his son, Maebori thought Intel might be able to replace him with a younger tech lead.

Of course, this is not to say that a young supervisor's skills would necessarily be better, but at least in a situation like this, he would have a stronger heart to look Stephen in the eye and not back down.

"Let's take a look, which means that the other party helped us find two vulnerabilities that could cause us a lot of damage, and then we closed the deal. But on top of that, he gave you some hints that he found another vulnerability in our latest CPU, and this vulnerability could have a bigger impact on the vast majority of the CPUs we've sold?"

As if his anger had already passed, Stephen's tone softened, and he spoke calmly.

"This is probably the case. He exploited a vulnerability in the encryption of data storage devices based on CSME encryption. In simple terms, an attacker can exploit this vulnerability to elevate privilege and execute code from inside CSME."

"But CSME was one of the first systems to start working, and it was responsible for cryptographically verifying all the firmware loaded on Intel chip-based computers. For example, the CSME is responsible for loading and verifying the UEFI BIOS firmware and managing the firmware for the chipset's power supply."

"At the same time, CSME is also the cryptographic foundation of other technologies, and our EPID, identity protection, all DRM technologies or firmware-based TPM technologies are all dependent on CSME to run. So ......"

Looking at Stephen's increasingly ugly face, Maebori couldn't go on.

He was afraid that Stephen would be angry and that something would go wrong with his body.

Right now there were only two people in the office, he and Stephen; should Comrade Shi's secretary be called in?

"So, tell me, Maebori, can this vulnerability be exploited without physical access to the system?"

This was an excellent question. In other words, once exposed, could it be exploited remotely by the black market?

"That's the problem, yes, Mr. Stephen, the answer is yes. Because there has been a lot of malware on the network before, it can get root privileges at the operating system level and code execution access at the BIOS level. If this vulnerability is exposed, many attackers will target the CSME and extract the chipset key in a short period of time through various imaginative methods. In other words, it's a vulnerability that I wouldn't even want to report to my friends."

After saying this, Maebori was in a relaxed mood.

It's really nice to release that pressure, and that's probably the legendary stress transfer.

In fact, Maebori didn't feel that he should be held responsible for this vulnerability, because he didn't design CSME. Well, he was involved in the design at that time, but he wasn't the CTO at that time.

As for how to solve this problem now......

In Maebori's view, this was no longer a purely technical issue.

It would be best to leave it to Stephen; at most he would get kicked out of his current position, and he couldn't lose more than that!