Intel patches ME 11.x, SPS 4.0, and TXE 3.0 products
Intel patches ME 11.x, SPS 4.0, and TXE 3.0 products

Positive Technologies researchers identified elevation of privilege exploits in various Intel product families which could enable a system crash or system instability, among other issues.

The issues were spotted after the firm performed an in-depth comprehensive security review of their Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) products with the objective of enhancing firmware resilience, according to a Nov. 20, 2017 security advisory.

Researchers identified several security exploits that could potentially place impacted platforms at risk and impact systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0.

Vulnerabilities were found in 6th, 7th & 8th Generation Intel Core Processor Family, Intel Xeon Processor E3-1200 v5 & v6 Product Family, Intel® Xeon® Processor Scalable Family, Intel Xeon Processor W Family, Intel Atom C3000 Processor Family, and the Apollo Lake Intel Atom Processor E3900 series.

The Apollo Lake Intel Pentium and Celeron N and J series Processors were also found to be vulnerable as well. If exploited, the vulnerabilities would have allowed attackers to impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.

Researchers recommend users check for firmware updates and ensure all of their systems are kept up to date.