In past few months, several research groups have uncovered vulnerabilities inside Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer.
at that will point, Intel has admitted that will these security vulnerabilities could “potentially place impacted platforms at risk.”
The common chipmaker released a security advisory on Monday admitting that will its Management Engine (ME), remote server management tool Server Platform Services (SPS), in addition to hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple severe security issues that will place millions of devices at risk.
The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues inside operating system kernel for Intel ME Firmware that will could allow attackers with local access to the vulnerable system to “load in addition to execute code outside the visibility of the user in addition to operating system.“
The chipmaker has also described a high-severity security issue (CVE-2017-5708) involving multiple privilege escalation bugs inside operating system kernel for Intel ME Firmware that will could allow an unauthorized process to access privileged content via an unspecified vector.
Systems using Intel Manageability Engine Firmware type 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x in addition to 11.20.x.x are impacted by these vulnerabilities.
For those unaware, Intel-based chipsets come with ME enabled for local in addition to remote system management, allowing the item administrators to remotely manage in addition to repair PCs, workstations, in addition to servers within their organization.
As long as the system can be connected to a line power in addition to a network cable, these remote functions can be performed out of band even when the computer can be turned off as the item operates independently of the operating system.
Since ME has full access to almost all data on the computer, including its system memory in addition to network adapters, exploitation of the ME flaws to execute malicious code on the item could allow for a complete compromise of the platform.
“Based on the items identified through the comprehensive security review, an attacker could gain unauthorised access to the platform, Intel ME feature, in addition to third party secrets protected by the ME, Server Platform Service (SPS), or Trusted Execution Engine (TXE),” Intel said.
Besides running unauthorized code on computers, Intel has also listed some attack scenarios where a successful attacker could crash systems or make them unstable.
Another high-severity vulnerability involves a buffer overflow issue (CVE-2017-5711) in Active Management Technology (AMT) for the Intel ME Firmware that will could allow attackers with remote Admin access to the system to execute malicious code with AMT execution privilege.
AMT for Intel ME Firmware versions 8.x, 9.x, 10.x, 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x in addition to 11.20.x.x are impacted by that will vulnerability.
The worst part can be that will the item’s almost impossible to disable the ME feature to protect against possible exploitation of these vulnerabilities.
“The disappointing fact can be that will on modern computers, the item can be impossible to completely disable ME,” researchers coming from Positive Technologies noted in a detailed blog post published late August. “that will can be primarily due to the fact that will that will technology can be responsible for initialization, power management, in addition to launch of the main processor.”
various other high severity vulnerabilities impact TXE type 3.0 in addition to SPS type 4.0, leaving millions of computers with the feature at risk. These are described as:
High Severity Flaws in Server Platform Service (SPS)
- CVE-2017-5706: that will involves multiple buffer overflow issues inside operating system kernel for Intel SPS Firmware that will could allow attackers with local access to the system to execute malicious code on the item.
- CVE-2017-5709: that will involves multiple privilege escalation bugs inside operating system kernel in Intel SPS Firmware that will could allow an unauthorized process to access privileged content via an unspecified vector.
Both the vulnerabilities impact Intel Server Platform Services Firmware 4.0.x.x.
High Severity Flaws in Intel Trusted Execution Engine (TXE)
- CVE-2017-5707: that will issue involves multiple buffer overflow flaws inside operating system kernel in Intel TXE Firmware that will allow attackers with local access to the system to execute arbitrary code on the item.
- CVE-2017-5710: that will involves multiple privilege escalation bugs inside operating system kernel in Intel TXE Firmware that will allow an unauthorized process to access privileged content via an unspecified vector.
Both the vulnerabilities impact Intel Trusted Execution Engine Firmware 3.0.x.x.
Affected Intel Products
Below can be the list of the processor chipsets which include the vulnerable firmware:
- 6th, 7th in addition to 8th Generation Intel Core processors
- Xeon E3-1200 v5 in addition to v6 processors
- Xeon Scalable processors
- Xeon W processors
- Atom C3000 processors
- Apollo Lake Atom E3900 series
- Apollo Lake Pentiums
- Celeron N in addition to J series processors
Intel has issued patches across a dozen generations of CPUs to address these security vulnerabilities that will affect millions of PCs, servers, in addition to the internet of things devices, in addition to can be urging affected customers to update their firmware as soon as possible.
The chipmaker has also published a Detection Tool to help Windows in addition to Linux administrators check if their systems are exposed to any threat.
The company thanked Mark Ermolov in addition to Maxim Goryachy coming from Positive Technologies Research for discovering CVE-2017-5705 in addition to bringing the item to its attention, which forced the chipmaker to review its source code for vulnerabilities.