The Intel Corporation has identified eight separate vulnerabilities in its Management Engine (ME), Server Platform Services (SPS) and Trusted Execution Engine (TXE). These vulnerabilities have the potential to affect any devices that make use of Intel’s affected processors, including PCs, servers and IoT platforms. Successful exploitation of these vulnerabilities may allow for elevation of privileges, remote admin access, unauthorized code execution or it may cause systems to crash or become unstable.

 

What you should do about it

  • System administrators should use the downloadable detection tool provided by Intel to check for affected products [1].
  • After completing a business impact review, apply manufacturer updates as they become available.

 

Additional information

These vulnerabilities are not currently being exploited in the wild. Any successful attack that exploits these vulnerabilities would require an advanced skill level.

For a full list of CVEs and addition technical details, please see below [2]:

Affected Products:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

 

Affected Version

  • ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
  • SPS Firmware version 4.0
  • TXE version 3.0

 

Additional Sources

[1]https://downloadcenter.intel.com/download/27150

[2]https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

If you have any questions please contact the eSentire Security Operations Center.

eSentire Media Contacts

Mandy Bachus | eSentire | [email protected] | +1 519.651.2200 x5226 | @MandyBachus

Angela Tuzzo | MRB Public Relations | [email protected]b-pr.com | +1 732.758.1100 x105 | @MRB_PR

Ready to start the conversation about cybersecurity?
Talk to us today.
Let's Talk