Intel Confirms Serious Management Engine Security Vulnerability Affecting Millions Of PCs
The IME is a secondary subsystem that operates alongside Intel processors and runs Minix. The IME is capable of running code without input from the host operating system (which is how it is able to power Intel Active Management Technology), making its existence a serious concern for security analysts.
According to the United States Computer Emergency Readiness Team (US-CERT), "An attacker could exploit some of these vulnerabilities to take control of an affected system." For its part, Intel says that IME firmware versions that are affected include 11.0, 11.5, 11.6, 11.7, 11.10 and 11.20. In addition, SPS Firmware 4.0 and TXE version 3.0 are included in Intel's security advisory.
As for Intel's hardware platforms that are affected, it represents a pretty broad swatch of Intel's primary processor families:
- 6th, 7th & 8th Generation Core Processor Family
- Xeon Processor E3-1200 v5 & v6 Product Family
- Xeon Processor Scalable Family
- Xeon Processor W Family
- Atom C3000 Processor Family
- Apollo Lake Atom Processor E3900 series
- Apollo Lake Pentium
- Celeron N and J Series Processors
So, what exactly could a potential hacker achieve if he or she were to exploit the vulnerabilities in Intel processing platforms? According to the company, attackers could:
- Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
- Load and execute arbitrary code outside the visibility of the user and operating system.
- Cause a system crash or system instability.
Intel rates these vulnerabilities as "Important" in their severity rating, which is one step below "Crucial". Intel says that the Important level of impact "if exploited, would directly impact the confidentiality, integrity or availability of user’s data or processing resources."
A tool has been provided directly by Intel to scan your system to see if you are susceptible to the vulnerabilities. You can download the tool here. Likewise, Intel also suggests that you contact your motherboard manufacturer or system OEM to determine if a firmware update is available if your system is affected.
For its part, Gigabyte says that it is releasing BIOS updates to address the vulnerabilities starting with Z370 and 200 series motherboards. It will then work backwards to address other affected products. "Gigabyte is committed to ensuring the quality and service of our motherboards," the company writes. "Any issues that affect the user’s experience with our products will be addressed with the utmost concern."