Intel Management Engine flaws could put millions of PCs at risk

Adjust Comment Print

If you want to see if your system is part of the wave of vulnerable to remote attacks, the company has released a detection tool that you can download right here. Mark Ermolov and Maxim Goryachy of Positive Technologies Research identified the issues, and will reveal full details of the Intel Management Engine flaws in a talk at the Black Hat Europe security conference on December 6.

Intel has confirmed previous reports that its recent PC, internet of things and server chips are vulnerable to remote hacking.

There were 11 total bugs discovered, impacting millions of devices.

Intel Management Engine firmware updates v11.0 through to v11.20 were found to have four vulnerabilities, while two more were found in earlier versions of ME.

Although Intel's patch will resolve the issue, the company has still not responded to calls to allow users to turn the Intel Management Engine off, nor has it provided anyone with access to the source code for an external security audit. Intel's statement on the matter has more specific information about the nature of the security flaws. At least this would suggest these flaws can not be exploited remotely.

Analysts Showing Optimistic Trends For Tesla Motors, Inc. (TSLA)
Currently, 174.03 million total shares are owned by the public and among those 173.51 million shares have been available to trade. It improved, as 83 investors sold TSLA shares while 159 reduced holdings. 111 funds opened positions while 197 raised stakes.

According to the cybersecurity firm Rapid7's, chief data scientist, Bob Rudis, these sort of flaws could potentially allow hackers to evade any system's security features.

The law concerns the "Management Engine" (ME), which was until now a little known "master controller" from Intel that shipped with eight types CPUs since 2008.

Intel has since issued a firmware update to address some of the flaws found in the systems. This means that there will be no one solution for all devices and that devices can not be fixed all at once.

"US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware", said the US government in its advisory.

The highest-level vulnerabilities, rated at 8.2 and 7.5 on the Common Vulnerability Security Scale (CVSSv3) respectively, are in the most recent versions of Intel Management Engine. Dell and Lenovo do not yet have patches available; Dell's ship dates for new firmware are to be determined, and Lenovo is hoping to have some new firmware available by November 23.