Intel

Intel published a security advisory last night detailing eight vulnerabilities that impact core CPU technologies such as the Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE).

The vulnerabilities are severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed inside CPUs, and cause PC crashes —which should be the least of someone's worries.

One of the affected products is the Intel Management Engine, a technology that is often described as a secret CPU inside the main Intel CPU. The ME component runs independently from the user's main OS, with separate processes, threads, memory manager, hardware bus driver, file system, and many other components. An attacker that exploits a flaw and gains control over the Intel ME has untethered control over the entire computer.

The CPU maker has released firmware updates to address these flaws. The updates are not available to the general public, as chipset and motherboard vendors will have to integrate the updates into their own updates. Lenovo has already issued patches for some products that are using vulnerable Intel ME, SPS, or TXE technologies.

Who's affected?

According to Intel, the following Intel ME, SPS, and TXE firmware versions are affected:

ME firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
SPS Firmware version 4.0
TXE version 3.0

According to Intel, the following products incorporate vulnerable firmware versions:

6th, 7th & 8th Generation Intel® Core™ Processor Family
Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
Intel® Xeon® Processor Scalable Family
Intel® Xeon® Processor W Family
Intel® Atom® C3000 Processor Family
Apollo Lake Intel® Atom Processor E3900 series
Apollo Lake Intel® Pentium™
Celeron™ N and J series Processors

Intel has released a tool for Windows and Linux users that checks and reports if users' computers are affected. On Windows, users should run the Intel-SA-00086-GUI.exe file to view scan results (image below).

Intel-SA-00086 Detection Tool

Vulnerabilities breakdown

Intel® Manageability Engine Firmware 11.0.x.x/11.5.x.x/11.6.x.x/11.7.x.x/11.10.x.x/11.20.x.x

CVE ID

CVE Title

CVSSv3 Vectors

CVE-2017-5705

Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.

8.2 High

CVE-2017-5708

Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.

7.5 High

CVE-2017-5711

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

6.7 Moderate

CVE-2017-5712

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

7.2 High

Intel Manageability Engine Firmware 8.x/9.x/10.x*

CVE ID

CVE Title

CVSSv3 Vectors

CVE-2017-5711*

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.

6.7 Moderate

CVE-2017-5712*

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.

7.2 High

Server Platform Service 4.0.x.x

CVE ID

CVE Title

CVSSv3 Vectors

CVE-2017-5706

Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.

CVSS 8.2 High

CVE-2017-5709

Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.

CVSS 7.5 High

Intel Trusted Execution Engine 3.0.x.x

CVE ID

CVE Title

CVSSv3 Vectors

CVE-2017-5707

Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.

CVSS 8.2 High

CVE-2017-5710

Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.

CVSS 7.5 High 

Earlier this year, in May, Intel patched another bug in Intel ME, a remote code execution flaw that affected ME components such as such as Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

In the past, a malware family that used Intel ME's Active Management Technology (AMT) Serial-over-LAN (SOL) interface was deployed in cyber-espionage operations by the PLATINUM APT.

Related Articles:

Spectre and Meltdown Hardware Protection Added to Intel's 9th Gen CPUs

The Intel Microcode Boot Loader Protects Older CPUs From Spectre

New PortSmash Hyper-Threading CPU Vuln Can Steal Decryption Keys

WordPress Security Patch Addresses Privacy Leak Bug

Microsoft December 2018 Patch Tuesday Fixes Actively Used Zero-Day Vulnerability