0
1
In past few months, several research groups have uncovered vulnerabilities in the Intel remote administration feature known as the Management Engine (ME) which could allow remote attackers to gain full control of a targeted computer.
Now, Intel has admitted that these security vulnerabilities could « potentially place impacted platforms at risk. »
The popular chipmaker released a security advisory on Monday admitting that its Management Engine (ME), remote server management tool Server Platform Services (SPS), and hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple severe security issues that place millions of devices at risk.
The most severe vulnerability (CVE-2017-5705) involves multiple buffer overflow issues in the operating system kernel for Intel ME Firmware that could allow attackers with local access to the vulnerable system to « load and execute code outside the visibility of the user and operating system. »
The chipmaker has also described a high-severity security issue (CVE-2017-5708) involving multiple privilege escalation bugs in the operating system kernel for Intel ME Firmware that could allow an unauthorized process to access privileged content via an unspecified vector.
Systems using Intel Manageability Engine Firmware version 11.0.x.x, 11.5.x.x, 11.6.x.x, 11.7.x.x, 11.10.x.x and 11.20.x.x are impacted by these vulnerabilities.
For those unaware, Intel-based chipsets come with ME enabled for local and remote system management, allowing IT administrators to remotely manage and repair PCs, workstations, and servers within their organization.
As long as the system is connected to a line power and a network cable, these remote functions can be performed out of band even when the computer is turned off as it operates independently of the operating system.
Since ME has full access to almost all data on the computer, including its system memory and network adapters, exploitation of the ME flaws to execute malicious code on it could allow for a complete compromise of the platform.
« Based on the items identified through the comprehensive security review, an attacker could gain unauthorised access to the platform, Intel ME feature, and third party secrets protected by the ME, Server Platform Service (SPS), or Trusted Execution Engine (TXE), » Intel said.
Besides running unauthorized code on computers, Intel has also listed some attack scenarios where a successful attacker could crash systems or make them unstable.
Another high-severity vulnerability involves a buffer overflow issue (CVE-2017-5711) in Active Management Technology (AMT) for the Intel ME Firmware that could allow attackers with remote Admin access to the system to execute malicious code with AMT execution privilege.
To read the original article:
