Intel Critical Security Flaw Affects Chips in Millions of Computers, Servers

“An attacker could gain unauthorized access to platform, Intel ME feature, and 3rd party secrets protected by the Intel Management Engine (ME), Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE),” the new alert states.

Aldrin Brown, Editor-in-Chief

November 22, 2017

2 Min Read
Critical Vulnerability Grid from Intel Processor Alert

Intel says that a piece of software inside virtually all of its newest computer chips contains a critical security flaw that enables an attacker to manipulate security features, run arbitrary code or crash a system.

The chip maker launched a comprehensive review of its firmware after a private team of Russian security researchers reported in August it had found a way to access a backdoor designed to allow some government customers to disable the Management Engine (ME) master controller inside Intel CPUs.

Intel, in an alert issued Monday, reported that the review had identified 11 significant security issues affecting millions of computers, servers and even Internet of Things (IoT) devices.

“In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience,” the alert states. “As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk.

“Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.”

Intel issued the following list of affected products:

·      6th, 7th & 8th Generation Intel Core™ Processor Family

·      Intel Xeon Processor E3-1200 v5 & v6 Product Family

·      Intel Xeon Processor Scalable Family

·      Intel Xeon Processor W Family

·      Intel Atom C3000 Processor Family

·      Apollo Lake Intel Atom Processor E3900 series

·      Apollo Lake Intel Pentium™

·      Celeron N and J series Processors

Intel also released a downloadable detection tool to help users of Windows and Linux to assess whether their hardware is at risk.

“An attacker could gain unauthorized access to platform, Intel ME feature, and 3rd party secrets protected by the Intel Management Engine (ME), Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE),” the alert states.

The chip manufacturer advised the public to update their firmware and check for patches from manufacturers of their specific computer hardware.

“Intel highly recommends checking with your system OEM for updated firmware,” the alert states. “Intel highly recommends that all customers install the updated firmware and Intel Capability License Service on impacted platforms.”

Click here for the most complete mitigation instructions from Intel.

Send tips and news to [email protected].

Read more about:

AgentsMSPsVARs/SIs

About the Author

Aldrin Brown

Editor-in-Chief, Penton

Veteran journalist Aldrin Brown comes to Penton Technology from Empire Digital Strategies, a business-to-business consulting firm that he founded that provides e-commerce, content and social media solutions to businesses, nonprofits and other organizations seeking to create or grow their digital presence.

Previously, Brown served as the Desert Bureau Chief for City News Service in Southern California and Regional Editor for Patch, AOL's network of local news sites. At Patch, he managed a staff of journalists and more than 30 hyper-local and business news and information websites throughout California. In addition to his work in technology and business, Brown was the city editor for The Sun, a daily newspaper based in San Bernardino, CA; the college sports editor at The Tennessean, Nashville, TN; and an investigative reporter at the Orange County Register, Santa Ana, CA.

 

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like