|While Intel is not aware of active use of the vulnerability described in this advisory, Intel has made updated SINIT Authenticated Code Modules (ACMs) available athttp://software.intel.com/en-us/articles/intel-trusted-execution-technology/to mitigate this issue. If your BIOS includes an SINIT ACM, which is more common for Intel TXT server platforms, a BIOS update that includes the updated SINIT ACM should be installed; please contact your platform OEM. Intel is also providing microcode updates, which will revoke vulnerable SINIT ACMs by causing GETSEC[SENTER] to fail. The BIOS update that contains the new microcode patch should be installed on all affected systems. Note that prior to installing the microcode update, an updated SINIT ACM must be installed to launch your Intel TXT enabled software. Contact your solutions provider or IntelTXT software vendor if your IntelTXT environment fails to launch and to determine how to update your software with the new SINIT ACM. Intel highly recommends that these updates be applied to mitigate this issue.|
If SINIT and Microcode updates for your TXT-capable platform are not immediately available Intel recommends you take the following actions to protect your platform:If IntelTXT is disabled you are not affected by this issue.
If you are not actively running IntelTXT disable it in the BIOS.Consult your owners manual for instructions on how to disable Intel TXT in BIOS.Once you have confirmed that Intel TXT is disabled on your system, you should:
oMaintain control of your computing environment. Administrative access, like Ring 0 in a typical operating system, is required to implement this attack.
oApply all patches and security updates for your operating system and applications.
oEnsure that security utilities such as firewalls, antivirus, etcetera are kept current with updates.