Intel security advisory, patches elevation of privilege exploits | SC Media
Patch management

Intel security advisory, patches elevation of privilege exploits

November 22, 2017

Positive Technologies researchers identified elevation of privilege exploits in various Intel product families which could enable a system crash or system instability, among other issues.

The issues were spotted after the firm performed an in-depth comprehensive security review of their Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE) products with the objective of enhancing firmware resilience, according to a Nov. 20, 2017 security advisory.

Researchers identified several security exploits that could potentially place impacted platforms at risk and impact systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0.

Vulnerabilities were found in 6th, 7th & 8th Generation Intel Core Processor Family, Intel Xeon Processor E3-1200 v5 & v6 Product Family, Intel® Xeon® Processor Scalable Family, Intel Xeon Processor W Family, Intel Atom C3000 Processor Family, and the Apollo Lake Intel Atom Processor E3900 series.

The Apollo Lake Intel Pentium and Celeron N and J series Processors were also found to be vulnerable as well. If exploited, the vulnerabilities would have allowed attackers to impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity.

Researchers recommend users check for firmware updates and ensure all of their systems are kept up to date. 

prestitial ad