Notebookcheck Logo

A new set of Intel Management Engine vulnerabilities confirmed

Intel Core i9 processor retail box
Intel Core i9 retail box
Not long after a few security research groups discovered new vulnerabilities in the Intel Management Engine remote administration subsystem, the chipmaker confirmed these issues in a new security advisory that also lists other bugs that were located in its software tools.

According to Intel, the Management Engine subsystem is needed to provide the best performance possible to the computers powered by the company's chips, its tasks running during the boot process and while the computer is running, as well as during its sleep periods. However, various security firms and experts claim that the Intel Management Engine is a serious privacy concern, some going as far as calling it a backdoor. While Intel always denied the backdoor part, the company has recently confirmed multiple vulnerabilities of the subsystem.

The Intel Management Engine apparently runs Minix 3 and, last month, security firm Positive Technologies revealed that a malicious user can gain full remote access to any computer with IME onboard as long as they can access one of the USB ports of those computers. As it usually happens in such cases, they did not completely uncover how to carry out such an attack but said enough for everyone to figure out that this is not just a minor security flaw.

Yesterday, Intel released a new security advisory that comes with the following highlights:

  • bugs in the Trusted Execution Engine hardware authentication tool
  • new vulnerabilities in the Management Engine subsystem
  • bugs in the Server Platform Services server management tool

In addition to the details on the security flaws discovered after the audit that Intel carried out due to the recent discoveries by third parties like Positive Technologies, the company also published a Detection Tool that Windows and Linux users can use to check if the new vulnerabilities impact their systems or not.

These new vulnerabilities can lead to security issues for more than just desktop PC users since the Intel Management Engine also runs on servers, IoT devices, and notebooks. Until now, it seems that only Lenovo managed to come up with firmware updates to take care of these problems (check this page for updates).


static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2017 11 > A new set of Intel Management Engine vulnerabilities confirmed
Codrut Nistor, 2017-11-21 (Update: 2017-11-22)