
Intel ME security flaws affect millions of PCs, include Intel's latest chips

By Michael Low & Koh Wanzi - on 24 Nov 2017, 8:30am


Image source: Paul Sakuma - AP.

Intel has admitted that there are multiple security vulnerabilities in its Management Engine (ME), a remote administration feature that allows IT administrators to manage devices and perform wide-ranging functions. 

Security researchers have long been concerned about Intel’s ME, partly because only Intel could inspect the firmware. It has also long been suspected that the subsystem had flaws that could be exploited by attackers: it requires deep system access, and if compromised it could hand full control of the affected computer to malicious actors.

Intel’s admission comes after several research groups uncovered bugs in ME, which led to the chipmaker conducting its own security review. The move was also prompted in large part by the findings of Russian researchers Maxim Goryachy and Mark Ermolov from security firm Positive Technologies, which could have allowed an attacker with local access to execute arbitrary code.

Monday’s security advisory points out bugs in ME, in addition to the Server Platform Services (SPS) remote server management tool and the Trusted Execution Engine (TXE) hardware authentication tool.

ME exists in a separate microprocessor on Intel’s chipsets, and the list of affected chips is extensive:

  • 6th, 7th & 8th Generation Intel Core Processor Family
  • Intel Xeon Processor E3-1200 v5 and v6 Product Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor W Family
  • Intel Atom C3000 Processor Family
  • Apollo Lake Intel Atom Processor E3900 Series
  • Apollo Lake Intel Pentium
  • Celeron N and J Series Processors

What’s more, because ME has its own microprocessor, it can run even when a PC is off (but plugged in), since that microprocessor functions as a separate computer. This could allow attackers to gain greater degrees of control by using ME as a launchpad.

Furthermore, an exploit could let an attacker operate separately from the main computer, so they wouldn’t trigger any alarms there.

If you’re running a relatively new system, chances are the chip in it is exposed. Dell and Lenovo have already released lists of the affected systems, and they are very, very long.

Nevertheless, Intel has released a detection tool for Linux and Windows to help customers check if their systems are vulnerable.

The company does have a fix ready, but users will need to wait for individual vendors to push out the updates.

That said, the silver lining is that most of the security holes require local access to exploit, which would limit a potential attacker’s options.

Source: Intel.