Major Vulnerabilities in Intel Processors Put Millions of PCs at Risk

Intel Admits to Severe Vulnerabilities in Management Engine, Millions of Devices at Risk

In recent months, multiple research teams have flagged significant vulnerabilities within Intel’s remote management technology, known as the Management Engine (ME). These security flaws could allow remote attackers to gain full access to targeted systems, raising alarm across the cybersecurity community. Intel has now acknowledged these vulnerabilities, indicating that they could “potentially place impacted platforms at risk.”

On Monday, the chip manufacturer released a security advisory detailing critical weaknesses not only in the Management Engine but also in related tools like the Server Platform Services (SPS) and the Trusted Execution Engine (TXE). Millions of devices reliant on these technologies are vulnerable to various severe security issues, raising the stakes for businesses and IT administrators.

The most pressing vulnerability identified, cataloged as CVE-2017-5705, pertains to multiple buffer overflow issues within the operating system kernel of Intel’s ME Firmware. This flaw potentially allows attackers with local access to execute code outside the user’s and operating system’s visibility, leading to full system compromise. Such exploitation could give malicious actors the ability to control an organization’s critical infrastructure without detection.

In addition, another high-severity vulnerability (CVE-2017-5708) has been disclosed, involving privilege escalation bugs within the ME Firmware kernel. This flaw allows unauthorized processes to access sensitive content through unspecified methods, significantly amplifying the risk of data breaches and unauthorized system modifications.

Cybersecurity researchers point out that systems equipped with ME Firmware versions ranging from 11.0.x.x to 11.20.x.x are susceptible to these vulnerabilities. Intel-based chipsets typically have ME enabled to facilitate both local and remote management, allowing IT units to oversee and maintain hardware irrespective of the operating system’s state. Notably, this management functionality operates independently of user awareness, which poses a considerable threat when left unaddressed.

The implications of these vulnerabilities are dire; since ME has comprehensive access to system memory and network adapters, a successful exploit could allow attackers to orchestrate a full platform takeover. Intel emphasized that an attacker could gain unauthorized access not only to the platform but also to secrets protected by the ME, SPS, or TXE. Furthermore, Intel highlighted scenarios where the execution of unauthorized code could lead to system instability or crashes.

A related vulnerability (CVE-2017-5711) in Intel’s Active Management Technology (AMT) poses additional risks. Here, attackers with remote administrative access could execute malicious code leveraging AMT’s execution privileges. This should be particularly concerning for organizations utilizing vulnerable AMT Firmware versions.

Alarmingly, it appears to be nearly impossible to completely disable the ME feature, which researchers from Positive Technologies have termed “disappointing.” The necessity of ME for crucial operations like initialization and power management makes it a stubborn target for organization-level mitigation efforts.

High-severity vulnerabilities have also been flagged in the Server Platform Service and Trusted Execution Engine. The former is affected by CVE-2017-5706 and CVE-2017-5709, which similarly involve buffer overflows and privilege escalation, while the latter is compromised by CVE-2017-5707 and CVE-2017-5710.

Various Intel processor chipsets, including the 6th through 8th Generation Intel Core processors and the Xeon families, are impacted. In response, Intel has rolled out patches across a dozen CPU generations, urging customers to update their firmware urgently. Administrators are also encouraged to use Intel’s detection tool to confirm if their systems harbor any of the identified vulnerabilities.

With these vulnerabilities posing significant risks to cybersecurity, business owners must prioritize updated protections and stay informed on the evolving landscape of threats. The identification and disclosure of these vulnerabilities underscore the critical importance of rigorous security audits and proactive management in today’s technology-dependent business environment.

Source link