Home Intel patches new vulnerabilities in its Management Engine
News

Intel patches new vulnerabilities in its Management Engine

Wayne Manion
Disclosure
Disclosure
In our content, we occasionally include affiliate links. Should you click on these links, we may earn a commission, though this incurs no additional cost to you. Your use of this website signifies your acceptance of our terms and conditions as well as our privacy policy.

The last year has not been Intel's best from a PC security perspective. Positive Technologies recently announced that PCs built with Intel processors going back to 2015's Skylake chips could be exploited through the computers' USB ports thanks to vulnerabilities in the CPUs' Minix-based Management Engine (ME) subsystem. The blue silicon giant has now acknowledged the problems and announced the availability of patches for motherboard and system makers to integrate into future BIOS updates.

Intel's statement indicates that "an attacker could gain unauthorized access to platform, [the] Intel ME feature, and third-party secrets protected by the Intel Management Engine, Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE)." That access could let an attacker "load and execute arbitrary code outside the visibility of the user and operating system," impersonate the ME, SPS or TXE to gain access to user data, or simply crash a system.

The company says it has reviewed and updated its Management Engine (versions 11.0 to 11.20), Server Platform Services (SPS) version 4.0, and Trusted Execution Engine version 3.0 in order to improve "firmware resilience." The list of affected products includes:

  • Sixth-, seventh-, and eight-generation Intel Core Processor family
  • Intel Xeon Processor E3-1200 v5 and v6 product family
  • Intel Xeon Processor Scalable family
  • Intel Xeon Processor W family
  • Intel Atom C3000 Processor family
  • Apollo Lake Intel Atom Processor E3900 series
  • Apollo Lake Intel Pentium
  • Celeron N- and J- series Processors

End users will have to wait for motherboard and system makers to integrate Intel's updates into BIOS updates in order to protect their machines. Gigabyte has announced that it has begun the work of updating its motherboard BIOS software, starting with its Z370 and Z270 boards. We expect that updates from ASRock, Asus, MSI, and others will come shortly. Intel's statement on the matter has more specific information about the nature of the security flaws. The company has a tool for Windows and Linux for users to determine if their system is vulnerable to these attacks.

This isn't the first time Intel's platform management features have given it headaches this year. Flaws in the company's Active Management Technology suite were discovered back in May. Security-focused laptop maker Purism eventually gained attention by offering its Librem series of laptops with Intel's Management Engine firmware disabled. A short time later, Google announced that it would also disable ME on its servers in an effort to prevent hackers from exploiting any flaws in the ME firmware.

Latest News

SpaceX Is Building A Network Of 100 Spy Satellites For The US
News

SpaceX Is Building A Network Of 100 Spy Satellites For The US Government 

IMF Shared An Update About The February Security Breach
News

IMF Shared An Update About The February Security Breach; All Affected Email Accounts Resecured

The International Monetary Fund (IMF) on Friday shared an update about a cyberattack that breached 11 email accounts from the organization on February 16, 2024. A spokesperson said that they...

Taylor Swift in concert
Statistics

9 Taylor Swift Controversies – The Numbers Behind the Drama

The 14-times Grammy Winner Taylor Swift, known for her catchy tunes, heartfelt lyrics, and meteoric rise to fame, has not only captured the hearts of millions around the globe but...

What is Darwin AI, Apple’s Latest AI Acquisition?
News

What is Darwin AI, Apple’s Latest AI Acquisition?

Cyberattack On France Govt Exposes Data of 43 Million Users
News

Massive Cyberattack On France Government Departments Leaves The Data of 43 Million Users Exposed 

Reddit Receives An Inquiry From FTC About Its AI-Related Deals 
News

Reddit Receives an Inquiry Request from FTC about Its AI-Related Deals

Tim Cook Lied to Shareholders — Costs Apple $490 Million
News

Tim Cook Lied to Shareholders – Costs Apple $490 Million