Semiconductors and technology giant Intel has issued a security alert about a security vulnerability in its Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE).
The company discovered four vulnerabilities for ME from version 11.0 to 11.20 along with two more in earlier versions. This was not all as the company discovered two more in SPS version 4.0 and two vulnerabilities in TXE version 3.0. The company mentioned that a number of its PC, server and Internet-of-Things processor platforms are vulnerable to a remote attack.
The company mentioned in detail that most severe of the issues were discovered by security researchers Mark Ermolov and Maxim Goryachy from Positive Technologies Research. The company thanked both of them for working in collaboration and coordination with Intel to disclose the details about the initial vulnerabilities. According to a report by ArsTechnica, ‘remote attackers could launch commands’ on a number of Intel-powered systems.
The vulnerability goes back to the systems shipped since 2015. The hackers could gain access to ‘privileged system information’ and they could take over millions of computer systems as the result of a bug. Intel stated that most of the vulnerabilities discovered needed physical access to the systems but one of the vulnerability allowed remote attacks along with administrator access.
Intel has released a ‘detection tool’ on its support website for Windows and Linux platforms so that users on these platforms can check if their systems are affected by the vulnerabilities. This detection tool is meant for enterprises and businesses to do a ‘widespread check.’ The vulnerabilities are affecting the Intel Core 6th generation Skylake, 7th generation Kaby Lake, 8th generation Kaby Lake-R and Coffee Lake, Xeon Processor E3-1200 v5, and v6 family, Xeon Scalable family, Xeon W family, Atom C3000 family, Apollo Lake Atom E3900 series, Apollo Lake Pentium and Celeron N and J series, and other networked and embedded devices along with Internet of Things platforms.
After the announcement by Intel, Dell and Lenovo have posted a list of systems that are affected by the vulnerabilities. According to the report, the list by Dell includes more than 100 affected systems. Lenovo has developed the new firmware and is hoping to roll it out by 23 November while Dell is still figuring out the shipping dates for the patched software. In addition, HP and other vendors have completed the patches and preparing them for distribution.