Linux Mint-powered MintBox 2 has security vulnerability -- needs Microsoft Windows to fix it
There is a belief that Linux-based computers are inherently secure, and yeah, there is some truth to that. With that said, no operating system, kernel, or hardware is infallible. All computers have vulnerabilities and can ultimately be hacked.
A good example of this is the Linux Mint-powered MintBox 2. While the diminutive PC is not built by the Linux Mint team (it is merely a rebranded Intense PC), it is supported by them. Today, it is revealed that the computer is suffering from a dangerous vulnerability that can impact the machine's BIOS. Luckily, a patch is available.
Fit-PC, the maker of the computer, explains the vulnerability by saying, "In case an affected model is exposed to malicious software running inside the operating system, the malicious software is able to read or write to Flash memory storing BIOS and Intel ME firmware and may corrupt or alter them."
Yikes. Unfortunately, you cannot fix this issue from within Linux Mint. Instead, you must create a bootable flash drive that is designed to patch the system. The fix will patch the BIOS, preventing malicious software from altering it. Hilariously, the instructions (as seen below) list using Windows to fix it. It is quite possible that the owner may not have access to a Windows machine...
- Download the latest Intense PC BIOS image:
BIOS update for Intense PC (MintBox 2)
- Extract the image file from the archive.
- Prepare bootable USB image:
Use Win32DiskImager utility for Windows: Win32DiskImager
- Boot Intense PC or MintBox2 from the USB Flash drive.
- When boots up into FreeDOS command line run BIOS_UPD.bat and wait for it's completion without errors.
- After it the system will boot again into FreeDOS run ME_LOCK.bat and wait for it's completion without errors.
- Wait until message "Please disconnect this system from power for 15 sec for completion"
- Power cycle the computer.
Are you the owner of a MintBox 2? Have you been able to patch your computer? Tell me how it went in the comments below.