Intel said in a security advisory Monday that flaws found in its Management Engine, Server Platform Services and Trusted Execution Engine have left millions of desktop and server chips vulnerable.
The vulnerabilities could allow attackers to extract confidential and critical information from the memory of servers or computers, load and execute arbitrary code outside the visibility of the user, or cause a system to crash.
At the heart of the critical flaw is Intel’s Management Engine. This tool, which is part of the chip company’s vPro enterprise management suite, lets enterprise administrators access servers or workstations remotely to apply required fixes.
According to Santa Clara, Calif.-based Intel, several processor chipsets are impacted by the flaws, including sixth-, seventh- and eighth-generation Core processors; the Xeon E3-1200 v5 and v6 processors; Xeon Scalable processors; Atom C300 processors; and Apollo Lake Atom E3900 processors.
Intel released a detection tool to enable Windows and Linux administrators to check if their systems are vulnerable. Intel has also issued patches, but beyond that, OEMs will need to create and distribute their own customized patches, the company said.
“We haven’t heard too much on this from Intel or customers. We’re working with Intel to get more details about the patch and the risk, then we’ll know more about how to proceed in terms of what to communicate,” said one Intel partner who wished to remain anonymous.
Intel has faced security issues with the remote management features of its vPro processors, saying in May that a security flaw in its Active Management Technology, Intel Small Business Technology and Intel Standard Manageability technology could allow attackers to gain control of the manageability features in these products.
Kent Tibbils, vice president of marketing at ASI, a Fremont, Calif.-based Intel systems builder, said that remote access is a big feature for those selling vPro to SMB customers.
“We would … recommend that customers perform the firmware updates provided by Intel if they have the versions that are vulnerable,” he said.