Intel Patches Vulnerabilities in Management Engine on Various Processors
Intel has published a security warning in which the chipmaker addresses vulnerabilities in, among other things, its Management Engine from version 11. An attacker could exploit the vulnerabilities to execute code without users noticing.
The vulnerabilities also occur in Intel’s Server Platform Services and Trusted Execution Engine outside the Management Engine, the company warns. Core processors from the Skylake generation are affected, along with Xeon, Atom and Celeron CPUs. Four of the vulnerabilities are in the Management Engine from version 11, of which CVE-2017-5705 received the highest risk score. This vulnerability allows a local attacker to execute arbitrary code through a buffer overflow. Another vulnerability, CVE-2017-5712, can be used remotely to execute code, but only by an attacker with administrative access. In total, there are ten vulnerabilities, most of which require local access.
According to Google security researcher Matthew Garrett, the seriousness of the vulnerabilities cannot be estimated based on the information published by Intel. According to Intel, the vulnerabilities could affect PCs, servers and Internet-of-things devices. The chipmaker has published an overview of software versions in which the vulnerabilities have been fixed. In addition, the company has published a detection tool for Windows and Linux, which allows users to determine whether they are vulnerable. According to Intel’s overview, Lenovo now has patches available.
Intel attributes the discovery of the vulnerabilities to its own analysis following research by the company Positive Technologies, which has been researching the Management Engine for some time. The company’s researchers plan to demonstrate an attack at a security conference in December that will involve running unsigned code on the Platform Controller Hub on any motherboard that supports Skylake or later. In addition, the system remains stable, so the target does not have to notice anything. Malware that uses this technique can persist despite reinstallations or BIOS updates.
The Intel Management Engine is a separate microcontroller that is part of the Platform Controller Hub, or PCH, of Intel CPUs, which has access to communication between the CPU and peripherals. This processor works independently of the CPU itself and is therefore accessible even when the CPU is turned off. According to the researchers, if malicious parties gain access to the Management Engine, a system can be completely taken over. It turned out that the engine runs on Minix. Google is working to limit the functionality of the Management Engine, which critics also describe as a ‘backdoor’.