Intel Management Engine flaws could put millions of PCs at risk

Adjust Comment Print

If you want to see if your system is part of the wave of vulnerable to remote attacks, the company has released a detection tool that you can download right here. Mark Ermolov and Maxim Goryachy of Positive Technologies Research identified the issues, and will reveal full details of the Intel Management Engine flaws in a talk at the Black Hat Europe security conference on December 6.

Intel has confirmed previous reports that its recent PC, internet of things and server chips are vulnerable to remote hacking.

There were 11 total bugs discovered, impacting millions of devices.

Intel Management Engine firmware updates v11.0 through to v11.20 were found to have four vulnerabilities, while two more were found in earlier versions of ME.

Although Intel's patch will resolve the issue, the company has still not responded to calls to allow users to turn the Intel Management Engine off, nor has it provided anyone with access to the source code for an external security audit. Intel's statement on the matter has more specific information about the nature of the security flaws. At least this would suggest these flaws can not be exploited remotely.

Xbox Live Games With Gold December 2017 Announced
Back To The Future: The Game is a Telltale title, and is an episodic adventure title much like some of their other games. It will usher forth yet another landmark game experience from the mind of renowned game designer Tetsuya Mizuguchi.

According to the cybersecurity firm Rapid7's, chief data scientist, Bob Rudis, these sort of flaws could potentially allow hackers to evade any system's security features.

The law concerns the "Management Engine" (ME), which was until now a little known "master controller" from Intel that shipped with eight types CPUs since 2008.

Intel has since issued a firmware update to address some of the flaws found in the systems. This means that there will be no one solution for all devices and that devices can not be fixed all at once.

"US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware", said the US government in its advisory.

The highest-level vulnerabilities, rated at 8.2 and 7.5 on the Common Vulnerability Security Scale (CVSSv3) respectively, are in the most recent versions of Intel Management Engine. Dell and Lenovo do not yet have patches available; Dell's ship dates for new firmware are to be determined, and Lenovo is hoping to have some new firmware available by November 23.