Intel CPU vulnerabilities highlighted

By Brian Cowan

In May 2017 Intel made public that security vulnerabilities had been discovered in some of their server and desktop processors. This week has seen a further announcement that highlighted the scale of the problem.

Intel CPU Advisory INTEL-SA-00075

Released at the beginning of May and updated later the same month, this advisory flagged a vulnerability in the on-board management of some CPU models. It could allow an unprivileged attacker to take control of the manageability features on certain products.

The advisory stated that there were two ways an attacker could exploit the vulnerability.

  • An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
    • CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
    • CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

News of the vulnerability was distributed to the major server and PC vendors, and remedial firmware updates were provided.

Intel CPU advisory INTEL-SA-00086

Now in November, further flaws in Intel CPU security have been announced. These came to light through researchers at Positive Technologies Research who discovered vulnerabilities in a wide range of the latest processors.

The problem resides in the Intel Management Engine (ME). This is a chip that runs an independent computer within a customer’s server or PC. It provides remote administration services that allow increased manageability and support services to be applied. Unfortunately, the vulnerabilities identified suggest that, under the right circumstances, an attacker could take advantage of this access to take control of the machine or inject malware.

It is important to point out that there are no incidents reported at this time that can be attributed to this vulnerability. However, it has been deemed serious enough for the US Government to issue a warning to businesses about the problem according to Reuters.

Who or what is affected?

These chips are generic across the Intel server and desktop marketplace, irrespective of the operating system. Both Microsoft Windows and Linux users are advised to check their systems to see if this applies to them. Intel has issued a tool that detects whether the vulnerability is present. It can be downloaded here.

If you detect the Intel CPU vulnerability, your first port of call is your hardware vendor. They will be publishing firmware updates to address the problem, so check their support portals. For example:

Dell Client (Desktop) systems – information

Dell Server systems – information

For further information, please call Keytech on 01942-311150 or email info@keytech.co.uk

22 Nov 2017
