By Brian Cowan
In May 2017 Intel made public that security vulnerabilities had been discovered in some of their server and desktop processors. This week has seen a further announcement that highlighted the scale of the problem.
Intel CPU Advisory INTEL-SA-00075
Released at the beginning of May and updated later the same month, this advisory notice flagged that a vulnerability had been discovered in the on board management of some cpu models. This could allow an unprivileged attacker to take control of the manageability features on certain products.
The advisory stated that there were 2 ways that the vulnerability could be accessed by an attacker.
- An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
- CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
- CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
News of the vulnerability was distributed to the major Server and PC vendors and remedial firmware updates provided.
Intel CPU advisory INTEL-SA-00086
Now in November, further flaws in Intel CPU security have been announced. These came to light through researchers at Positive Technologies Research who discovered vulnerabilities in a wide range of the latest processors.
The problem resides in the Intel Management Engine (ME). This is a chip that runs an independent computer within a customer’s server or PC. It provides remote administration services that allow increased manageability and support services to be applied. Unfortunately, the vulnerabilities identified suggest that under the right circumstances, an attacker could take advantage of this access and take control of the the machine or inject malware.
It is important to point out that there are no incidents reported at this time that can be attributed to this vulnerability. However, it has been deemed serious enough for the US Government to issue a warning to businesses about the problem according to Reuters.
Who or what is affected?
These chips are generic across the Intel server and desktop marketplace, irrespective of the operating system. Both Microsoft Windows and Linux users are advised to check their systems to see if this applies to them, Intel has issued a tool that detects whether the vulnerability is present. It can be downloaded here.
If you detect the Intel CPU vulnerability your first port of call is your hardware vendor. They will be publishing firmware updates to address the problem so check out their support portals. For example:
Dell Client (Desktop) systems – information
Dell Server systems – information
For further information, please call Keytech on 01942-311150 or email firstname.lastname@example.org