Millions of devices could be at risk from Intel Management Engine vulnerabilities
Patches are on their way
By Rob Thubron
Intel has issued a security advisory over security flaws on its PC, server, and Internet-of-Things processors that make the platforms vulnerable to remote attacks. Mark Ermolov and Maxim Goryachy of Positive Technologies Research identified the issues, and will reveal full details of the Intel Management Engine flaws in a talk at the Black Hat Europe security conference on December 6.
Intel writes that an attacker could use the vulnerabilities to "gain unauthorized access to the platform, [the] Intel ME feature, and third-party secrets protected by the Intel Management Engine, Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE)." From there, a hacker could load and execute arbitrary code outside the visibility of the user and operating system, impersonate the ME/SPS/TXE, and cause the system to crash or become unstable.
Intel has published a list of the processors affected by the vulnerabilities:
- 6th, 7th and 8th Generation Intel Core processors
- Intel Xeon E3-1200 v5 and v6 processors
- Intel Xeon Scalable processors
- Intel Xeon W processors
- Intel Atom C3000 processors
- Apollo Lake Intel Atom E3900 series
- Apollo Lake Intel Pentiums
- Celeron N and J series processors
"Intel Management Engine is a proprietary technology that consists of a microcontroller integrated into the Platform Controller Hub (PCH) microchip with a set of built-in peripherals," the Black Hat talk abstract stated. "The PCH carries almost all communication between the processor and external devices; therefore, Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely."
Both Dell and Lenovo have posted long lists of affected systems. Intel has also provided a detection tool on its support website to identify vulnerable Windows and Linux systems, though it's aimed at enterprise use.
The good news is that there are no reports of the vulnerabilities being exploited, but that could soon change. Motherboard and system makers have started integrating patches into their upcoming BIOS updates.
"We worked with equipment manufacturers on firmware and software updates addressing these vulnerabilities, and these updates are available now," Intel said in a statement. "Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible."