Intel Fixes Critical Bugs in Management Engine, Its Secret CPU-On-Chip [source:bleepingcomputer]
by CIRT Team
Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE).
The vulnerabilities are severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed inside CPUs, and cause PC crashes —which should be the least of someone’s worries.
One of the affected products is the Intel Management Engine, a technology that is often described as a secret CPU inside the main Intel CPU. The ME component runs independently from the user’s main OS, with separate processes, threads, memory manager, hardware bus driver, file system, and many other components. An attacker that exploits a flaw and gains control over the Intel ME has untethered control over the entire computer.
The CPU maker has released firmware updates to address these flaws. The updates are not available to the general public, as chipset and motherboard vendors will have to integrate the updates into their own updates. Lenovo has already issued patches for some products that are using vulnerable Intel ME, SPS, or TXE technologies.
For more, click here.