Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

A new set of Intel Management Engine vulnerabilities confirmed

Intel Core i9 processor retail box
Intel Core i9 retail box
Not long after a few security research groups discovered new vulnerabilities in the Intel Management Engine remote administration subsystem, the chipmaker confirmed these issues in a new security advisory that also lists other bugs that were located in its software tools.
Codrut Nistor,
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

According to Intel, the Management Engine subsystem is needed to provide the best performance possible to the computers powered by the company's chips, its tasks running during the boot process and while the computer is running, as well as during its sleep periods. However, various security firms and experts claim that the Intel Management Engine is a serious privacy concern, some going as far as calling it a backdoor. While Intel always denied the backdoor part, the company has recently confirmed multiple vulnerabilities of the subsystem.

The Intel Management Engine apparently runs Minix 3 and, last month, security firm Positive Technologies revealed that a malicious user can gain full remote access to any computer with IME onboard as long as they can access one of the USB ports of those computers. As it usually happens in such cases, they did not completely uncover how to carry out such an attack but said enough for everyone to figure out that this is not just a minor security flaw.

Yesterday, Intel released a new security advisory that comes with the following highlights:

  • bugs in the Trusted Execution Engine hardware authentication tool
  • new vulnerabilities in the Management Engine subsystem
  • bugs in the Server Platform Services server management tool

In addition to the details on the security flaws discovered after the audit that Intel carried out due to the recent discoveries by third parties like Positive Technologies, the company also published a Detection Tool that Windows and Linux users can use to check if the new vulnerabilities impact their systems or not.

These new vulnerabilities can lead to security issues for more than just desktop PC users since the Intel Management Engine also runs on servers, IoT devices, and notebooks. Until now, it seems that only Lenovo managed to come up with firmware updates to take care of these problems (check this page for updates).

Source(s)

static version load dynamic
Loading Comments
Comment on this article
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 
Codrut Nistor
Codrut Nistor - Senior Tech Writer - 5461 articles published on Notebookcheck since 2013
In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2017 11 > A new set of Intel Management Engine vulnerabilities confirmed
Codrut Nistor, 2017-11-21 (Update: 2017-11-22)