Security

4 exploitable bugs plague Intel Management Engine: Patch now

Some of the flaws require privileged access, but a buffer overflow vulnerability is fairly serious.

The Intel Management Engine (IME) has had its fair share of problems over the past year, and now four new exploitable bugs have popped up. Intel has released two advisories for the bugs— one addressing three of them, and the other addressing a single flaw.

The bugs all impact the IME in various ways. The solo advisory, which noted CVE-2018-3627, describes a logic bug that can "allow an attacker to execute arbitrary code via local privileged access." While it does require privileged access, it's rated as a 7.5 out of 10 in terms of severity.

Here are the affected CPUs and their resolved firmware versions:

  • 6th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • 7th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • 8th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • Intel Xeon Processor E3-1200 v5 & v6 Product Family - Intel CSME 11.8.50
  • Intel Xeon Processor W Family - Intel CSME 11.11.50

SEE: System update policy template (Tech Pro Research)

The three flaws noted in the other advisory are as follows: A buffer overflow in HTTP handler (CVE-2018-3628), a buffer overflow in event handler (CVE-2018-3629), and a memory corruption bug (CVE-2018-3632).

The buffer overflow in HTTP was the highest-rated of the four, at 8.1 out of 10. According to the advisory, it could "allow an attacker to execute arbitrary code via the same subnet."

The buffer overflow in the event handler could lead to a denial of service (DoS) attack, and was rated 7.5 out of 10. Finally, the memory corruption flaw (6.4 out of 10) could be triggered by someone with local admin permissions.

These flaws impact corporate PCs, servers, workstations and IoT devices. Here are the affected CPU generations and their resolved firmware versions:

  • 4th Generation Intel Core Processor Family - Intel CSME 9.1.43, Intel CSME 9.5.63
  • 5th Generation Intel Core Processor Family - Intel CSME 10.0.57
  • 6th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • 7th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • 8th Generation Intel Core Processor Family - Intel CSME 11.8.50
  • Intel Xeon Processor E3-1200 v5 & v6 Product Family - Intel CSME 11.8.50
  • Intel Xeon Processor Scalable Family - Intel CSME 11.21.51
  • Intel Xeon Processor W Family - Intel CSME 11.11.50

The issues with IME started back in November 2017, when researchers found several severe bugs affecting the management engine. This led some PC vendors to begin disabling IME in an effort to protect their customers. Now, however, more flaws have surfaced and admins would be smart to patch quickly in order to avoid becoming a victim of an exploit.

The big takeaways for tech leaders:

  • Security researchers have found four new vulnerabilities affecting the Intel Management Engine, including a logic bug, buffer overflows, and more.
  • The Intel Management Engine has suffered from a few vulnerabilities since late 2017, when the initial set were discovered and vendors began disabling it.

Also see

bug.jpg
Image: iStockphoto/BeeBright

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox