Intel identifies major security flaw; most systems from 2015 onwards are vulnerable

Intel’s CPU have an onboard Management Engine (ME) which performs tasks behind the scenes all the time the CPU is powered. The ME putters along without the user’s knowledge, having access to all the CPU’s resources and even the Internet. Sounds creepy? Well, it gets worse. Intel has just acknowledged a new slew of security issues involving the Intel ME.

Intel listed a series of scenarios that could happen if an attacker gained access to your ME.

1. Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
2. Load and execute arbitrary code outside the visibility of the user and operating system.
3. Cause a system crash or system instability.

The list of affected CPUs is rather huge, involving most CPUs released since 2015. Many product families ranging from the consumer-class Celeron, Pentium and Intel Core series all the way to the enterprise-class Xeon processors are affected.

• 6th, 7th & 8th Generation Intel® Core™ Processor Family
• Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
• Intel® Xeon® Processor Scalable Family
• Intel® Xeon® Processor W Family
• Intel® Atom® C3000 Processor Family
• Apollo Lake Intel® Atom Processor E3900 series
• Apollo Lake Intel® Pentium™
• Celeron™ N and J series Processors

Intel offers the Intel SA-00086 Detection Tool for you to identify if your system is vulnerable. As I am running an 4th Gen “Haswell” Intel Core i7 in my laptop, I am unaffected by this issue. You can download the tool here.

There is currently no way of disabling the ME to prevent hackers from accessing it, nor has Intel provided a patch directly for end users. Consumers will have to look to their hardware vendors for patches to the firmware. Check the below support information pages for your respective manufacturers:

• Acer: Support Information
• Dell Client: Support Information
• Dell Server: Support Information
• Fujitsu: Support Information
• HPE Servers: Support Information
• Intel® NUC, Intel® Compute Stick, and Intel® Compute Card: Support Information
• Lenovo: Support Information
• Panasonic: Support Information

You will most probably have to manually download the patch and install it yourself. If you find yourself reading this, consider yourself lucky. What about those who may have not read about this? Their systems will be exposed to attacks. Why does Intel even have an OS running under your OS anyway?

Source: Intel Security Center

Pokdepinion: Perhaps we all just need more reason to jump ship to AMD?