Technology content trusted in North America and globally since 1999
7,767 Reviews & Articles | 57,577 News Posts

Intel CPUs have serious bug: vulnerable to remote attacks

Intel issues a new security alert, saying that a large range of its CPUs are vulnerable to remote attacks
By: Anthony Garreffa | CPU, APU & Chipsets News | Posted: Nov 22, 2017 9:34 am

Intel has found itself in seriously hot water, issuing a new security alert that management firmware on a bunch of new PC, server, and Internet-of-Things processor platforms are vulnerable to a remote attack.

 

intel-cpus-serious-bug-vulnerable-remote-attacks_04

 

Mark Ermolov and Maxim Goryachy of Positive Technologies Research found the new vulnerabilities, which could see attackers remotely launching commands on Intel-based computers. We're talking about most desktop and laptop CPUs launched under the Core brand since 2015, and even Xeon and Atom lines of processors.

 

Intel CPUs Affected By Remote Attack Bugs:

 

  • Intel Core processors from the 6th generation ("Skylake"), 7th generation ("Kaby Lake"), & 8th Generation ("Kaby Lake-R" and "Coffee Lake") families-the processors in most desktop and laptop computers since 2015;
  • Multiple Xeon processor lines, including the Xeon Processor E3-1200 v5 & v6 Product Family, Xeon Processor Scalable family, and Xeon Processor W family;
  • The Atom C3000 Processor Family and Apollo Lake Atom Processor E3900 series for networked and embedded devices and Internet of Things platforms, and
  • Apollo Lake Pentium and Celeron™ N and J series Processors for mobile computing.

 

If you want to see if your system is part of the wave of vulnerable to remote attacks, the company has released a detection tool that you can download right here. The tool is built for enterprise users that can throw up a command line tool that generals XML, so don't expect a flashy UI and ease of use.

 

Intel's own security team has said that "in response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience".

 

Intel Management Engine firmware updates v11.0 through to v11.20 were found to have four vulnerabilities, while two more were found in earlier versions of ME. Another two vulnerabilities were discovered in Server Platform Services v4.0 firmware, and another two in TXE v3.0.

 

Partners React

 

Dell has since issued a statement advising that over 100 of their systems are affected, including powerful lines like Inspiron, Latitude, Aliwanre, OptiPlex, and more. Lenovo has also warned its users. Dell is expecting new firmware soon, while Lenovo is said to have something new by tomorrow, November 23.

NEWS SOURCES:Arstechnica.com

Related Tags

Got an opinion on this news? Post a comment below!
loading