310 New Anti-Sky Vulnerability (1/5)
Something is wrong.
External pressure did not completely make Mayberry lose his ability to think.
The last description of another vulnerability in the attachment was incomplete, but it made Mayberry feel nervous.
Because of a simple verification based on this description, Mayberry instantly believed that Wang Yufei was indeed holding a landmine in his hand.
Yet Mayberry did not call Wang Yufei; instead, he took the initiative to come to Stephen's office immediately.
"Is the transaction completed?" Stephen put down the work in his hands and asked with a frown, his tone not very friendly.
Isn't the reason why you have to work overtime in the office so late because the company has to deal with that aggressive lawyer in China?
If the technical department can complete the design of the CPU with a mentality of excellence and avoid discovering these loopholes, why does it need to have such a headache?
Of course, it's also because Mike from Jones Law Firm is too greedy.
The settlement plan worth tens of millions of dollars was directly returned, and the other party even asked for a billion dollars!
This is what Mr. Mike from Jones Law Firm did not see in front of him.
If this guy dared to quote such a price in front of him, Stephen swore that he would definitely pull out a gun and shoot this greedy guy straight away without hesitating for even half a second.
I don't know why, but when he thought about having to deal with these greedy guys next, Stephen even thought it was cute that Wang Yufei could provide the vulnerability to Intel and only asked Intel to release the brain-computer chip.
"Yes, the transaction is completed. Based on the vulnerability information provided by the other party, we have determined the cause of the vulnerability. This vulnerability still exploits an optimized function in the modern CPU structure, the command row..."
"All right!"
Stephen raised his hand tiredly to stop Mayberry from continuing, and then said: "I'm not interested in the specific reasons for the vulnerabilities. Just make a written report and report it to the board of directors. What I need to know is, when will you be able to patch these loopholes?"
"This is a structural vulnerability, which is difficult to patch at the hardware level. We will launch a firmware patch as soon as possible. But at the same time, we can provide this vulnerability to our friends. We believe that they can fix the vulnerability through system updates to minimize the impact. As for a complete solution to the problem, we may need to redesign the security strategy in the next generation of CPUs," Mayberry reported in a satisfactory manner.
This answer did not surprise Stephen.
CPUs rely on pre-designed logic circuits to work. Once a vulnerability is exposed, it is much more troublesome to fix it than to fix software vulnerabilities. This is why the CPU vulnerability problem has not been completely solved until today.
Of course, as long as there are no major problems at the user level, it will be ok.
"Okay, this should probably be considered good news, so why are you still here? Don't tell me there's bad news again." Stephen stared at Mayberry, who was hesitant to speak, and suddenly felt uncomfortable in his heart.
Good hunch.
"Yes, Mr. Stephen. There is indeed bad news. He did provide us with the agreed vulnerabilities. But at the end, he also added a piece of incomplete vulnerability information. According to the laboratory analysis, if this information is true, it may affect almost all Intel CSME, SPS, TXE, DAL and Intel AMT users."
Mayberry reported carefully.
Then the four eyes met again, lingering until Mayberry took the lead to avert his gaze.
The pressure was great, and Mayberry suddenly felt that he could not stay in this position, but it seemed that it was good, because he would not have to face such humiliation.
Thinking that the child who provided him with the vulnerability was only seven or eight years older than his son, Mayberry felt that Intel might be able to replace it with a younger technical director.
Of course, this does not mean that young managers will definitely have better skills, but at least when faced with this situation, they will have a stronger heart to look at Stephen, so that they will not be at a disadvantage.
"Let's take a look. That is to say, the other party helped us find two loopholes that may cause us great losses, and then we completed the transaction. But on this basis, he gave you some tips to tell you that another vulnerability has been discovered in our latest CPU, and the impact of this vulnerability may be greater and may affect most of the CPUs we have sold?"
As if he had run out of anger, Stephen's tone softened and he spoke calmly.
"This is probably the case. He is exploiting a vulnerability in the encryption of data storage devices based on CSME encryption. Simply put, attackers can use this vulnerability to escalate privileges and execute code from within CSME."
"But CSME was one of the first systems to start running, and it's responsible for cryptographically validating all firmware loaded on Intel chip-based computers. CSME, for example, is responsible for loading and validating the UEFI BIOS firmware and the firmware that manages the chipset's power."
"At the same time, CSME is also the encryption basis for other technologies. Our EPID, identity protection, and all DRM technologies or firmware-based TPM technologies all rely on CSME to run. So..."
Seeing Stephen's increasingly ugly expression, Mayberry couldn't speak any more.
He was afraid that Stephen would be so angry that something would happen to his body.
He and Stephen are the only two people in the office now, or should Comrade Shi's secretary be called in?
"So, tell me, Mayberry, can this vulnerability be exploited without physical access to the system?"
This is an excellent question. In other words, if it is exposed, can black-market operators exploit it remotely?
"That's the question. Yes, Mr. Stephen, the answer is yes. Because there has been a lot of malware on the network before, which can obtain operating system-level root privileges and BIOS-level code execution access. If this vulnerability is exposed, many attackers will focus on CSME and use various imaginative methods to extract the chipset key in a short period of time. In other words, this is a loophole that I don't even want to report to my friends."
After saying this, Mayberry felt relaxed.
It feels really good to release this kind of pressure. This is probably the legendary pressure transfer.
In fact, Mayberry does not feel that he should bear responsibility for this vulnerability exposure, because he did not design CSME. Well, he participated in the design at the time of acquisition, but he was not the chief technology officer at that time.
As for how to solve this problem now...
In Mayberry's view, it is no longer a purely technical issue.