Since the revelation of Spectre and Meltdown, there has been an increased focus on CPU and chipset security. Last year, a vulnerability was discovered in Intel's ‘Manufacturing Mode' for laptop CPUs, which leaves systems vulnerable to certain attacks. Recently, it was discovered that a number of Razer laptops were left open to this exploit, but a fix is now rolling out.
As originally spotted by The Register, security expert, Bailey Fox, recently discovered that Razer's laptops were still vulnerable to the CVE-2018-4251 issue. This is a security flaw with Intel's ‘ME Manufacturing Mode', which is used by OEMs when building new systems. This can be used as a backdoor for attackers to downgrade a BIOS to exploit older security problems, like Spectre and Meltdown. It can also be used for other malware attacks.
This bug was documented in June 2018, after it was spotted affecting Apple's Mac systems. Apple patched this back in October but other laptop makers weren't quite as fast. Bailey Fox tried to get the issue resolved with Razer through a HackerOne bug report but things weren't escalating, so the issue was made public.
Now, Razer has sorted things out on its end. In a statement the company said that it is aware of “certain Intel Management Engine vulnerabilities” in the chipsets of several Razer laptop models. To address the issue, a new update is being applied to all laptops currently coming out of the factory. For anyone who owns one of the affected laptops already, there is a downloadable software tool that will apply the patch.
Affected models include the Blade 15 Base model from 2018 and the Blade 15 Advanced from 2018 and 2019. This year's Razer Blade Stealth 13 was also affected.
KitGuru Says: It took a while for the patch to come through but at least it is rolling out now. If you happen to own one of the affected Blade laptops, then you'll want to run the patch tool to get things secure once again.