who knows ? maybe Intel didn't want to patch this bug because it wants to exploit it someday !
I believe conspiracy theory does have a place here..
I wasn't so happy about my AMD processor, but now I'm like : LONG LIVE AMD !
Thanks for the news georgecloner.

What the heck does Intel up to? Yeah, they should cover this vulnerability with some kind of patch or firmware.

Does this rootkit active regardless of operating system? If yes, people with servers, watch out 

Samker,

Does this mean, if you have a Intel Processor like Intel Core 2 Duo. We are vulnerable to the bug?

Believe it Sam, they do forget.. hehehe.

The researchers were fairly responsible to report the issue immediately. And they quote:

So, being the good and responsible guys that we are, we immediately reported the new bug to Intel (actually talking to Intel's PSIRT is getting more and more routined for us in the recent months . And this is how we learnt that Loic came up with the same attack (back then there was no talk description at the conference website) — apparently he approached Intel about this back in October 2008, so 3-4 months before us — and also that he's planning to present it at the CanSecWest conference in March. So, we contacted Loic and agreed to do coordinated disclosure next Thursday.

Interestingly, however, none of us was even close to being the first discoverer of the underlying problem that our attacks exploit. In fact, the first mention of the possible attack using caching for compromising SMM has been discussed in certain documents authored as early as the end of 2005 (!) by nobody else than... Intel's own employees.

Yeah RIGHT! This is a nasty one!

Now that Intel CPUs' are vulnerable to exploit!  Finger's crossed for the meantime until Intel gets to fix this issue!!!

P.S.

Just type nice words to Intel guys!   HEHEHE

Security researchers Joanna Rutkowska and Loic Duflot are planning to release information on what NetworkWorld blogger Jamey Heary calls "the scariest, stealthiest, and most dangerous rootkit" he's seen.

According to Heary, on Thursday (March 19, 2009) the researchers will release a research paper and exploit code for a new SMM (System Management Mode) rootkit that utilizes an Intel CPU caching vulnerability. The attack allows the rootkit to hide in the SMM space and take control of the PC. Heary warns that there is no software that can detect the rootkit once it is installed.

"Thursday, March 19th, 1600 UTC, we will publish a paper (+ exploits) on exploiting Intel® CPU cache mechanisms. The attack allows for privilege escalation from Ring 0 to the SMM on many recent motherboards with Intel CPUs. Rafal implemented a working exploit with code execution in SMM in a matter of just a few hours."

Why are they releasing the code to the public? Rutkowska and Duflot claim that Intel has known about the vulnerability for years and hasn't done anything to fix it. So, they are simply reporting what someone with less than legal intentions is already exploiting.

"If there is a bug somewhere and if it stays unpatched for enough time, it is almost guaranteed that various people will (re)discover and exploit it, sooner or later. So, don't blame researchers that they find and publish information about bugs — they actually do a favor to our society."

(ITBE)