Intel discloses several vulnerabilities that affect most of their newest CPUs

Intel discloses several vulnerabilities that affect most of their newest CPUs

DearBytesAlertsIntel discloses several vulnerabilities that affect most of their newest CPUs

What is going on?

Intel has released a security advisory in which they presented the results of an in-depth security review of their Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). Several security vulnerabilities were disclosed that could compromise the system.

Why is this important?

An attacker could exploit one of the vulnerabilities (CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712, CVE-2017-5706, CVE-2017-5709, CVE-2017-5707, CVE-2017-5710) to execute arbitrary code or access privileged content.

According to Intel, the following scenarios are possible :

  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.

Who does this apply to?

This vulnerabilities affect systems with the following processor families:

  • 6th, 7th & 8th Generation Intel Core Processor Family
  • Intel Xeon Processor E3-1200 v5 & v6 Product Family
  • Intel Xeon Processor Scalable Family
  • Intel Xeon Processor W Family
  • Intel Atom C3000 Processor Family
  • Apollo Lake Intel Atom Processor E3900 series
  • Apollo Lake Intel Pentium
  • Celeron N and J series Processors

What can you do?

Together with the security advisory, Intel has released a detection tool that analyses the system for the disclosed vulnerabilities. This tool can be downloaded from their downloads center (https://downloadcenter.intel.com/download/27150) and is available for Windows (7, 8.1, 10) and Linux. Below we present some examples of the tool usage:

 

 

Once it is determined that the system is vulnerable a firmware update needs to be done. To obtain the update the system manufacturer should be contacted.

What has DearBytes done?

At DearBytes we are conducting an internal investigation to determine which of the security appliances we manage are vulnerable.

For more information :