A security flaw in Intel's Management Engine could give attackers full access to a victim's machine. Luckily, Intel has released patches to fix it.
Intel has discovered a host of security vulnerabilities affecting certain processor families, the company announced in an advisory on Monday. According to the advisory, the security flaws impact the company's Management Engine, Trusted Execution Engine, and Server Platform Services.
The bugs would allow the attacker full control over a system, giving them the ability to run code without the user knowing, or even to crash the system itself, the advisory said. As reported by ZDNet's Liam Tung, there are 11 total bugs that could potentially impact millions of devices running Intel processors.
SEE: Information security incident reporting policy (Tech Pro Research)
According to the advisory, the following Intel products are affected:
- 6th, 7th, and 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 and v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
The flaws were originally uncovered by Mark Ermolov and Maxim Goryachy of Positive Technologies Research. The highest level vulnerabilities uncovered have to do with the Management Engine, and could allow for remote code execution of access to privileged information.
Intel has since released two detection tools--a GUI tool for Windows users and a command line tool for Linux users. Manufacturers like Dell and Lenovo have also released lists of their impacted products.
Intel's Management Engine has been the source of much contention in security circles for some time. TechRepublic columnist Jack Wallen explained the potential problems with the engine back in July 2016, noting that some of the concerns were overblown, but that there were legitimate risks.
Intel has since issued a firmware update to address some of the flaws found in the systems.
The 3 big takeaways for TechRepublic readers
- Security flaws affecting many Intel processors put users' machines at risk of being taken over by attackers, compromising the firm's Management Engine.
- There were 11 total bugs discovered, impacting millions of devices. Intel has since released a firmware update to address the vulnerabilities.
- Intel's Management Engine has been the subject of much security debate over the past year, with experts calling out the level of access it gives to those who can take advantage of it.
- Information Security Management Fundamentals (TechRepublic Academy)
- Intel: We've found severe bugs in secretive Management Engine, affecting millions (ZDNet)
- Is the Intel Management Engine a backdoor? (TechRepublic)
- Intel, QuTech work on 17-qubit quantum computing chip, packaging (ZDNet)
- How to build a successful career in cybersecurity (free PDF) (TechRepublic)