Critical security vulnerability in millions of Intel processors
Wed 22 Nov 2017
Intel has released a security alert regarding a critical elevation of privilege vulnerability that affects millions of servers and computers.
The alert covers systems using Intel Management Engine (ME) Firmware versions 11.0 and higher, Server Platform Service (SPS) Firmware version 4.0, and Trusted Execution Engine (TXE) version 3.0. By exploiting the elevation of privilege vulnerability, an attacker could gain access to the platform and could impact local security features, load and execute malicious code, and cause system instability or even crash the system entirely.
Affected products include Intel Core processors, Xeon processors, Apollo Lake Atom and Pentium processors, and Celeron N and J series processors.
Intel has released a detection tool that users can run to check whether the vulnerability applies to their systems. Additionally, Agnes Kwan of Intel said that the company had provided software patches to correct the flaw to all major computer manufacturers, who can then distribute patches to customers.
The vulnerability was revealed during an in-depth security review at Intel, sparked by flaws exposed by a team of Russian researchers last August. The team at Positive Technologies identified security issues with the Intel Management Engine, which allowed unauthorized users to disable ME and extract large numbers of XML files. The researchers linked this vulnerability directly to a platform in use by the U.S. National Security Agency.
The Department of Homeland Security weighed in on the issue, advising users to review Intel’s security notifications and to use the detection tool to determine whether their system is affected by the vulnerability. DHS also counselled users to contact the manufacturer directly for software updates and advice on how to mitigate the threat that the chip vulnerability could pose to individual computers and to networks.
Intel said that it has not identified a single instance where this flaw has been exploited to conduct a cyber attack. However, due to the widespread use of the Intel processor chips, the newly discovered flaw remains a major concern for many personal and business users of computers with the affected processors.
Intel recently announced record-breaking financial results, with strong revenue growth and record earnings, largely thanks to a boost in its data centre business.