Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update

Haythem Elmir 6 ans ago
0 1
Read Time1 Minute, 47 Second

 

Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Intel ID: INTEL-SA-00086
Product family: Various
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Nov 20, 2017
Last revised: Nov 22, 2017


Summary:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.

As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.

Description:

In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.

As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
Affected products:

 

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).

This includes scenarios where a successful attacker could:

  • Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
  • Load and execute arbitrary code outside the visibility of the user and operating system.
  • Cause a system crash or system instability.
  • For more information, please see this Intel Support article

To read the original article:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

About Post Author

Haythem Elmir

haythem.elmir@keystone.tn
http://ww.cyber.tn
Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
100 %

Average Rating

5 Star
0%
4 Star
0%
3 Star
0%
2 Star
0%
1 Star
0%
(Add your review)

Laisser un commentaire

Next Post

Remotely Exploitable Flaw Found In HP Enterprise Printers—Patch Now

jeu Nov 23 , 2017
Security researchers have discovered a potentially dangerous vulnerability in the firmware of various Hewlett Packard (HP) enterprise printer models that could be abused by attackers to run arbitrary code on affected printer models remotely. The vulnerability (CVE-2017-2750), rated as high in severity with 8.1 CVSS scale, is due to insufficiently […]

You May Like