CATEGORIES
home News

Intel Confirms Serious Management Engine Security Vulnerability Affecting Millions Of PCs

by Brandon HillTuesday, November 21, 2017, 03:54 PM EDT
Intel has acknowledged a serious vulnerability in the Intel Management Engine (IME), that was disclosed earlier this summer via the hard work of a team of security researchers. However, in addressing the IME vulnerability, Intel also confirmed additional vulnerabilities in its Server Platform Services (SPS) and Trusted Execution Engine (TXE).

The IME is a secondary subsystem that operates alongside Intel processors and runs Minix. The IME is capable of running code without input from the host operating system (which is how it is able to power Intel Active Management Technology), making its existence a serious concern for security analysts.

Intel

According to the United States Computer Emergency Readiness Team (US-CERT), "An attacker could exploit some of these vulnerabilities to take control of an affected system." For its part, Intel says that IME firmware versions that are affected include 11.0, 11.5, 11.6, 11.7, 11.10 and 11.20. In addition, SPS Firmware 4.0 and TXE version 3.0 are included in Intel's security advisory.

As for Intel's hardware platforms that are affected, it represents a pretty broad swatch of Intel's primary processor families:

  • 6th, 7th & 8th Generation Core Processor Family
  • Xeon Processor E3-1200 v5 & v6 Product Family
  • Xeon Processor Scalable Family
  • Xeon Processor W Family
  • Atom C3000 Processor Family
  • Apollo Lake Atom Processor E3900 series
  • Apollo Lake Pentium
  • Celeron N and J Series Processors

So, what exactly could a potential hacker achieve if he or she were to exploit the vulnerabilities in Intel processing platforms? According to the company, attackers could:

  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.

Intel rates these vulnerabilities as "Important" in their severity rating, which is one step below "Crucial". Intel says that the Important level of impact "if exploited, would directly impact the confidentiality, integrity or availability of user’s data or processing resources."

A tool has been provided directly by Intel to scan your system to see if you are susceptible to the vulnerabilities. You can download the tool here. Likewise, Intel also suggests that you contact your motherboard manufacturer or system OEM to determine if a firmware update is available if your system is affected.

For its part, Gigabyte says that it is releasing BIOS updates to address the vulnerabilities starting with Z370 and 200 series motherboards. It will then work backwards to address other affected products. "Gigabyte is committed to ensuring the quality and service of our motherboards," the company writes. "Any issues that affect the user’s experience with our products will be addressed with the utmost concern."

Tags:  Intel, (NASDAQ:INTC), Minix, management engine, ime, txe
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment