A new set of Intel Management Engine vulnerabilities confirmed

Intel Core i9 processor retail box — Intel Core i9 retail box

Not long after a few security research groups discovered new vulnerabilities in the Intel Management Engine remote administration subsystem, the chipmaker confirmed these issues in a new security advisory that also lists other bugs that were located in its software tools.

Codrut Nistor, Published 11/21/2017

According to Intel, the Management Engine subsystem is needed to provide the best performance possible to the computers powered by the company's chips, its tasks running during the boot process and while the computer is running, as well as during its sleep periods. However, various security firms and experts claim that the Intel Management Engine is a serious privacy concern, some going as far as calling it a backdoor. While Intel always denied the backdoor part, the company has recently confirmed multiple vulnerabilities of the subsystem.

The Intel Management Engine apparently runs Minix 3 and, last month, security firm Positive Technologies revealed that a malicious user can gain full remote access to any computer with IME onboard as long as they can access one of the USB ports of those computers. As it usually happens in such cases, they did not completely uncover how to carry out such an attack but said enough for everyone to figure out that this is not just a minor security flaw.

Yesterday, Intel released a new security advisory that comes with the following highlights:

bugs in the Trusted Execution Engine hardware authentication tool
new vulnerabilities in the Management Engine subsystem
bugs in the Server Platform Services server management tool

In addition to the details on the security flaws discovered after the audit that Intel carried out due to the recent discoveries by third parties like Positive Technologies, the company also published a Detection Tool that Windows and Linux users can use to check if the new vulnerabilities impact their systems or not.

These new vulnerabilities can lead to security issues for more than just desktop PC users since the Intel Management Engine also runs on servers, IoT devices, and notebooks. Until now, it seems that only Lenovo managed to come up with firmware updates to take care of these problems (check this page for updates).

Source(s)

Wired

SplitSpectre threatens both Intel and AMD processors (Source: ZDNet)

The phantom returns: Researchers discover a new Spectre CPU attack, name it SplitSpectre 12/04/2018

It is rumored that an embargo on the details of the flaw are due to be lifted later this month, after patches have been issued. (Source: Intel)

Intel hardware flaw will cause a drop in performance for kernel heavy processes once fixed 01/04/2018

Spyware issues in late 2017 - Ethiopia spying on journalists

Commercial spyware is out of control 12/06/2017

System76 to disable Intel Management Engine on its notebooks 11/30/2017

Yet another Android exploit. (Source: Pixabay)

New Android security flaw allows screen recording without direct user permission 11/18/2017

The Intel-AMD MCM seen on an NUC-style motherboard. (Source: Bits and Chips)

First photos of the new Intel-AMD multi-chip module surface 11/11/2017

Intel's latest 8th generation entrant courts a custom AMD Radeon chip and HBM2 memory on a single package. (Source: Intel)

Rivals with benefits — Intel and AMD collaborate to create a new entrant to the 8th generation CPU family 11/07/2017

Apple may be looking to completely cut Qualcomm components from their products down the line. (Source: iFixit)

Qualcomm alleges Apple shared trade secrets with arch-rival Intel 11/03/2017

Deep digging into the Intel ME firmware has finally enabled security researchers to disable its functioning. (Source: Positive Technologies)

Eureka! The Intel Management Engine can finally be disabled, thanks to the NSA 08/30/2017

Sony developed the educational blockchain using he IBM Cloud and the Hyperledger Fabric 1.0 framework. (Source: Sony)

Sony wants to provide increased cybersecurity for educational institutions through blockchain tech 08/10/2017

The bug affects all Kaby Lake and Skylake chips with Hyperthreading. (Source: Intel)

Serious Hyperthreading bug affects Intel Skylake and Kaby Lake architectures 06/26/2017

Intel to fix bug in 320 Series SSD 08/16/2011

Intel fixes Sandy Bridge chipset issue 02/13/2011

Asus issues apology for shipping defective Intel laptops, gives list of affected models 02/03/2011

Loading Comments

Comment on this article

Promise releases the TD-300 9-in-1 ...

Asus starts shipping the ROG Strix ...

Codrut Nistor - Senior Tech Writer - 6321 articles published on Notebookcheck since 2013

In my early school days, I hated writing and having to make up stories. A decade later, I started to enjoy it. Since then, I published a few offline articles and then I moved to the online space, where I contributed to major websites that are still present online as of 2021 such as Softpedia, Brothersoft, Download3000, but I also wrote for multiple blogs that have disappeared over the years. I've been riding with the Notebookcheck crew since 2013 and I am not planning to leave it anytime soon. In love with good mechanical keyboards, vinyl and tape sound, but also smartphones, streaming services, and digital art.

contact me via: @online_digi, online.digital.craft, LinkedIn

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2017 11 > A new set of Intel Management Engine vulnerabilities confirmed

Codrut Nistor, 2017-11-21 (Update: 2017-11-22)

A new set of Intel Management Engine vulnerabilities confirmed

Source(s)

Related Articles