According to the alarm raised and the ME bugs revealed by external security researchers, Intel has confirmed its processor families including the latest generation Intel Core all has the vulnerability, which left millions of devices exposed.
World’s largest semi-conductor company and chipmaker, Intel, this week issued a security advisory, after the company conducted an in-depth, comprehensive security audit of its ME, TXE and SPS, and the security review was performed with the goal to enhance firmware resilience. Intel released the security advisory to warm its customers the new vulnerabilities and bugs founded in its firmware.
In the advisory, the company said it has founded out new vulnerabilities in firmware of Management Engine (ME) as well as the bugs in Trusted Execution Engine (TXE), its hardware authentication tool, and Server Platform Services (SPS) its remote server management tool. Besides, in the notice, Intel also mentioned that the new vulnerabilities and bugs are founded across its latest-gen Intel Core as well as other processor families and products.
Even worse, the company has found that the sixth, seventh and eighth generations of Intel Core processors are mostly affected, and its Featured products Xeon processors, Apollo Lake, Celeron processors and Atom processors are affected as well.
More specifically, the chipmaker also confirmed that there are a series of versions of firmware are compromised, including 11.20, 11.10, 11.7, 11.5, and 11.0. What’s more, its version 3.0 of TXE and version 4.0 of SPS firmware are impacted.
According to Intel, because its ME has the extensive access to as well as control over the major system processors, the new vulnerabilities in ME could give hackers a powerful jumping-off point to access the affected systems even without any user knowledge. Then, hackers could have the right to rung malicious codes when they have no idea about the OS knowing. Besides, there is the possibility of the attacks which could lead to system crashes or local security changed.
What Response Intel Takes
As Intel released the security notice, it also offered a Detection Tool to respond to new vulnerabilities, and the tool can work for both Linux and Windows and note that for Windows users, the detection tool is available for all versions from Win 7. If users can get it, they can run a system scanning and check out if they are exposed or their systems are vulnerable.
However, there is bad news that the detection tool can do nothing but only perform the system scanning. The company said that OEMs has the mission to release the updates to patch all issues and it will not offer any fix at present.
There is good news for users that researchers have found that most vulnerabilities in Intel’s products and processors have to use the local access to start attacks.