Intel ME, SPS, and TXE Patched After Discovery of Vulnerabilities

Intel has released a security advisory on November 20 after discovering vulnerabilities in its remote administrative feature called the Management Engine (ME), along with the Server Platform Services (SPS) and the Trusted Execution Engine (TXE). Intel was able to verify that the vulnerabilities in the abovementioned products could potentially impact certain PCs, servers, and IoT platforms. Customers are advised to patch their impacted systems.

The ME Firmware is built using a Unix-like operating system called MINIX, a tool developed by Andrew Tanenbaum to demonstrate operating system programming. The firmware lets network administrators remotely manage a large number of devices, but it has been scrutinized by security researchers for years because it requires deep system access that offers a tempting target for attackers. An attacker who successfully leverages the MME Firmware could take full control of an affected computer. Since the ME Firmware is also a standalone microprocessor, an attacker could exploit it without being detected by the operating system.

Here are the affected products: 

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

After going through a comprehensive security review, Intel found out that an attacker could gain unauthorized access to the Intel® ME feature and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE). A successful attacker could impersonate the ME, SPS, and TXE, load and execute arbitrary code outside the visibility of the user and operating system, and cause a system crash or system instability.

Intel also disclosed a list of CVEs in the advisory. CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, and CVE-2017-5712 comprise the CVE IDs for the ME Firmware versions 11.0, 11.5, 11.6, 11.7, 11.10, and 11.20. CVE-2017-5711 and CVE-2017-5712 were also discovered in ME Firmware 8, 9, and 10. SPS Firmware version 4.0 is affected by CVE-2017-5706 and CVE-2017-5709, while the TXE version 3.0 has CVE-2017-5707 and CVE-2017-5710.

Intel has released a detection tool that can analyze the system for the vulnerabilities and recommends checking with your system OEM for updated firmware. System manufacturer pages concerning this security issue can be found here. Intel recommends that all customers patch their firmware with the updated one.
HIDE

Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.

Опубликовано в Vulnerabilities & Exploits