Intel firmware contains serious Management Engine vulnerabilities, affecting millions of systems
Security researchers have discovered critical issues with the hidden firmware used in some Intel chips. Security firm Positive Technologies discovered a series of serious vulnerabilities in Intel's Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE).
The security flaw could allow an attacker to run code that would be invisible to the operating system, opening up the possibility of invisible rootkit or malware infections, as well as the risk of exposing valuable data. The problem is believed to affect millions of computers and servers.
Maxim Goryachy and Mark Ermolov from Positive Technologies made the discovery in the controversial, hidden Management Engine. They are due to appear at Black Hat in December, where they will demonstrate how the vulnerability can be exploited to run unsigned code that remains completely invisible to security software.
Tipped off about the vulnerability, Intel issued a security advisory and listed the chips that are affected:
- 6th, 7th & 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
The company provides a brief description of the issue, but goes into more detail in the advisory:
Summary:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.
Description:
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
If you are concerned about the security of your computer or server, Intel has released a tool that will determine if your system is vulnerable. Keep your eyes open for fixes.
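For triaging a fleet inventory against the firmware branches named in the advisory, the following is an added example, not code from Intel or from this article. The host names, build numbers and status labels are constructed assumptions; a match only means the firmware is on a listed branch and should be confirmed with Intel's detection tool, since the text above gives no fixed build numbers.

```python
import re

# Affected firmware branches, copied from the advisory text quoted above.
AFFECTED = {
    "ME": {(11, 0), (11, 5), (11, 6), (11, 7), (11, 10), (11, 20)},
    "SPS": {(4, 0)},
    "TXE": {(3, 0)},
}

# Dotted numeric version with at least major.minor, e.g. "11.10.0.1287".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*$")


def branch(version):
    """Return (major, minor) as integers, or None for a non-version string."""
    m = VERSION_RE.match(version)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(component, version):
    """Classify one record: 'affected-branch', 'not-listed' or 'needs-review'."""
    listed = AFFECTED.get(component.strip().upper())
    b = branch(version)
    if listed is None or b is None:
        return "needs-review"  # unknown component or unreadable version
    # Compare integer tuples: float("11.10") == float("11.1") would mix branches up.
    return "affected-branch" if b in listed else "not-listed"


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(comp, ver) for host, comp, ver in inventory}


# Constructed sample inventory (hosts and build numbers are made up).
INVENTORY = [
    ("ws-014", "ME", "11.10.0.1287"),
    ("ws-015", "ME", "11.1.0.1000"),   # 11.1 is not 11.10
    ("ws-016", "ME", "10.0.55.3000"),
    ("srv-02", "SPS", "4.0.4.288"),
    ("kiosk-7", "txe", "3.0.1.1107"),
    ("lab-03", "ME", "unknown"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```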