Intel published a security advisory yesterday detailing security vulnerabilities in the firmware of the company's Management Engine, Server Platform Services, and Trusted Execution Engine.
A wide range of Intel processor families and products are affected by these issues, including 6th, 7th and 8th generation Intel Core processors, Intel Xeon processors, Intel Atom processors, Apollo Lake processors and Intel Celeron processors.
Basically, systems using Management Engine firmware versions 11.0, 11.5, 11.7, 11.10, and 11.20, Server Platform Engine firmware version 4.0, and Trusted Execution Engine version 3.0 are impacted by the vulnerabilities.
Attackers may exploit security vulnerabilities to gain unauthorized access to affected systems. Potential scenarios include running code outside the visibility of the operating system or user context, causing system instabilities or crashes, or impacting local security feature attestation validity.
Intel released a detection tool which you may download from this web page. It is available for Windows 7 and newer versions of Windows, and for Linux.
The program runs a quick scan and returns its findings afterwards. It highlights whether the system is vulnerable, and displays the Intel product and its firmware version as well.
There is nothing that users can do to the system directly to fix the vulnerability. Intel notes that it is up to OEMs and manufacturers to release updates for their products to fix the security issues.
What that means is the following: If you have bought a PC from a manufacturer like Dell, Lenovo, HP or any other PC manufacturer, you need to wait for them to release updates that address the issue.
Intel lists links to support information on this support article. The company will update links to manufacturers when updates are released by them. Currently, links are available for Dell and Lenovo customers.
Update: Now includes links to Acer, Fujitsu, HPE, and Panasonic as well.
Users who built a PC by themselves, changed the motherboard, or bought a pre-assembled PC using custom parts, need to consult the motherboard manufacturer instead.
Judging from past vulnerabilities and patching activity, it seems very likely that manufacturers won't release updates for some systems and motherboards. Since Intel prevents direct access to affected features, these systems will remain vulnerable throughout their lifetime.
This is not the first issue that affected Intel's Management Engine. The EFF published a detailed account on that back in May 2017 for instance, urging Intel to provide the means to give administrators and users options to disable or limit the Management Engine.
Now You: Is your system affected?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.