Re: Intel Management Engine Vulnerability
2017/12/03 02:46:22
(permalink)
I expect this to go unpatched for at least 4 months, like the last one.
Reading over the warranty, one might be able request an RMA for a non-vulnerable board, aka an upgrade. It would rest on whether Intel ME or the chipset are considered third-party software/equipment. If so, they could theoretically write off any warranty as non-valid at their discretion, telling you to take it up with Intel with no hard evidence, or to claim capacitors were not made "in-house" if financially required to go so far.
Unfortunately, almost no company wants to pay for anything that goes wrong and the only one without something substantial to offer is you. After being forced to sign various bead agreements to even use the end-products, you have nearly no rights. Capitalizing on an advantage, one would call that. Good business another might say.
You know what? Let's get rid of consumer warranties, but keep the business ones. Imagine the mountainous profits at low-risk! We'd be free to cut costs on security, with the added bonus of pushing home user to upgrade with plausible deniability. Sure business for the whole supply chain and the consumer keeps spending. There's bound to be kickbacks from the NSA for that, too (at very least non-interference).