Connect with us

Hi, what are you looking for?


Management & Strategy

System76 to Disable Intel ME on Laptops Due to Security Flaws

Following the discovery of several potentially serious vulnerabilities in Intel’s Management Engine (ME), computer seller System76 announced its intention to disable the feature on its laptops with a future firmware update.

Following the discovery of several potentially serious vulnerabilities in Intel’s Management Engine (ME), computer seller System76 announced its intention to disable the feature on its laptops with a future firmware update.

In the past months, Intel and third party security researchers discovered a significant number of flaws in ME and Active Management Technology (AMT), which allow users to remotely manage devices. The security holes can be exploited to execute arbitrary code without being detected by the user or the operating system, bypass security features, and crash systems.

Intel has released patches for these vulnerabilities and vendors such as Acer, Dell, Fujitsu, HPE, Lenovo, and Panasonic informed customers that they are also working on firmware updates that address the weaknesses.

System76, which provides Linux-powered laptops, desktops and servers, has decided to address the risks introduced by Intel ME by disabling the feature altogether.

The company has been working on a system that will allow it to automatically deliver firmware updates to computers in the same way software updates are currently being delivered through the operating system. The new update mechanism has been tested and it’s nearly ready for deployment on laptops.

System76 plans on delivering a firmware update that disables ME on laptops using 6th, 7th and 8th generation CPUs from Intel. This includes Bonobo, Gazelle, Kudu, Lemur, Oryx and Serval laptops.

Users will be informed of an update via email and prompted to install it – updates will not be conducted without user interaction. The automatic updates will work on laptops running Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10, or version 17.10 of Pop!_OS, System76’s own Linux distribution.

Advertisement. Scroll to continue reading.

ME will continue to be present on System76 desktop computers, but users will be provided firmware updates that patch the vulnerabilities disclosed by Intel.

“There is a significant amount of testing and validation necessary before delivering the updated firmware and disabled ME,” explained System76 CEO Carl Richell. “Disabling the ME will reduce future vulnerabilities and using our new firmware delivery infrastructure means future updates can roll out extremely fast and with a higher percentage of adoption (over listing affected models with links to firmware that most people don’t install).”

The company pointed out that disabling ME on laptops may no longer be possible at some point if Intel makes changes to the feature. “We implore Intel to retain the ability for device manufactures and consumers to disable the ME,” Richell said.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.