Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Intel Chip Flaws Expose Millions of Devices to Attacks

Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.

Intel has conducted an in-depth security review of its Management Engine (ME), Trusted Execution Engine (TXE) and Server Platform Services (SPS) technologies and discovered several vulnerabilities. The company has released firmware updates, but it could take some time until they reach the millions of devices exposed to attacks due to these flaws.

Intel’s ME solution, which some members of the industry have classified as a backdoor, allows users to remotely manage computers via the Intel Active Management Technology (AMT).

Earlier this year, Embedi researchers discovered a critical privilege escalation vulnerability affecting AMT and some related services, specifically Small Business Technology (SBT) and Standard Manageability. Positive Technologies has also reported finding some potentially serious flaws in ME.

As a result of these findings, Intel has decided to perform a comprehensive security audit of ME, along with two other products. These are TXE, which is designed to ensure that a platform and its operating system are authentic and the OS is running in a trusted environment, and SPS, which allows remote server management.

The review led to the discovery of seven vulnerabilities that can be exploited to impersonate the ME, SPS and TXE services and impact the validity of local security feature attestation, execute arbitrary code without being detected by the user or the operating system, and crash the system or make it unstable.

One of the high severity flaws described in Intel’s advisory, CVE-2017-5705, is a local code execution issue found by Positive Technologies in ME.

According to Intel, ME is also affected by buffer overflows and other types of vulnerabilities that can be exploited for privilege escalation (CVE-2017-5708), local code execution (CVE-2017-5711), and remote code execution (CVE-2017-5712).

The kernel of Intel SPS is impacted by a couple of high severity flaws that can be exploited for local code execution (CVE-2017-5706), and gaining access to privileged content (CVE-2017-5709).

Advertisement. Scroll to continue reading.

As for TXE, the tech giant discovered privilege escalation (CVE-2017-5710) and local code execution (CVE-2017-5707) vulnerabilities that have also been rated high severity.

Intel has not made public any details about the vulnerabilities, but Google security expert Matthew Garrett has shared some thoughts on the possible impact and concluded that the flaws are unlikely to be harmless.

Systems using ME firmware versions 11.0, 11.5, 11.6, 11.7, 11.10 and 11.20, SPS version 4.0, and TXE version 3.0 are impacted. The list of affected products includes some Core, Xeon, Atom, Pentium and Celeron processors, which are found in millions of devices.

Intel has released firmware updates that patch the vulnerabilities, along with a tool that allows users to see if their systems are affected. The company has advised customers to check their system OEMs website for the firmware updates, but, for the time being, only Lenovo appears to have released firmware updates.

Related: “Platinum” Cyberspies Abuse Intel AMT to Evade Detection

Related: Intel Offers Up to $30,000 for Hardware Vulnerabilities

Related: Researchers Use Intel SGX to Conceal Malware, Extract Private Keys

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.