Positive Technologies researchers identified elevation of privilege exploits in various Intel product families which could enable a system crash or system instability, among other issues.
The issues were spotted after the firm performed an in-depth comprehensive security review of their Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) products with the objective of enhancing firmware resilience, according to a Nov. 20, 2017 security advisory.
Researchers identified several security exploits that could potentially place impacted platforms at risk and impact systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0.
Vulnerabilities were found in 6th, 7th & 8th Generation Intel Core Processor Family, Intel Xeon Processor E3-1200 v5 & v6 Product Family, Intel® Xeon® Processor Scalable Family, Intel Xeon Processor W Family, Intel Atom C3000 Processor Family, and the Apollo Lake Intel Atom Processor E3900 series.
The Apollo Lake Intel Pentium and Celeron N and J series Processors were also found to be vulnerable as well. If exploited, the vulnerabilities would have allowed attackers to impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.
Researchers recommend users check for firmware updates and ensure all of their systems are kept up to date.
