I think it is time to let Intel® Ready Mode Technology (RMT) support go away from the BIOS of our workstations. Three months ago a serious design flaw was discovered by Marius Gabriel Mihai. There will be no fix coming from Intel as this error is on the way Ready Mode Technology itself has been conceived. From INTEL-SA-00198:
Intel has issued a Product Discontinuation notice for Intel® Ready Mode Technology and recommends that users of the Intel® Ready Mode Technology uninstall it at their earliest convenience.
This one is an error that exists in the fundamental way Intel® RMT works, and it is very easy to exploit by anyone with local access to the workstation. Its associated CVE vector is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and it has a base score of 7.8. It is very easy to exploit and, as fundamental flaw on the design of the affected technology, there is no way to fix it.
I agree! I hope Dell takes this one seriously!
Proverbs 4:7 - Wisdom is the principal thing; therefore get wisdom; Yea, with all thy getting get understanding.
Thanks for the kudo. Don't know if it matters, but it seems Intel has removed this technology from its BIOSes last summer, a few months before coordinated disclosure took place. See, for example, this BIOS update release note.
In my humble opinion, removing support for this technology would be a sensible decision as Intel® Ready Mode Technology is considered unfixable by their developers.