Modern processors do far more than just run the programs we ask them to, and one example of the extra work they do is to run security checks, making sure only the code the user wants is being executed. Intel has multiple systems built into its CPUs to that end, including the Management Engine, Trusted Execution Engine, and Server Platform Services, all of which the company has now acknowledged have flaws. These flaws could allow successful attackers to impersonate these systems, and as these systems exist within the CPU as separate processors and firmware, arbitrary code could be executed without either the user or the operating system being aware. These flaws have earned a severity rating from Intel of Important, which is surpassed only by Critical, a rating that indicates the remote execution of malicious code without user action. At least this would suggest these flaws cannot be exploited remotely.
These flaws were found during an internal audit of these technologies, which followed external researchers discovering one of them in the Intel Management Engine (IME) firmware. As ZDNet points out, IME has been such a concern, as its firmware cannot be inspected by anyone outside of Intel, that Google built its own system called the Non-Extensible Reduced Firmware (NERF) to manage Chromebooks. NERF uses a different operating system (Linux instead of MINIX) and removes various elements from IME, such as its web server, IP stack, UEFI drivers, and the ability of IME and UEFI to self-reflash firmware.
Affected products include 6th, 7th, and 8th generation Core processors, the Xeon E3-1200 v5 and v6 family, Xeon Scalable family, Xeon W family, Atom C3000 family, the Apollo Lake Atom E3900 series, Apollo Lake Pentium, and Celeron N and J series processors. New firmware is being created and deployed by system manufacturers to fix these flaws, and Intel has released a detection tool for Windows and Linux to identify these vulnerabilities. You can find the tool and links to manufacturer support pages through the Intel source.