Security researchers have discovered several security issues in the Intel remote administration feature (Management Engine), which could enable remote attackers to install rootkits on affected PCs, retrieve data processed inside CPUs, cause computer crashes and obtain full control over the targeted machine.
The Intel Management Engine (ME) is a subsystem that appears in many of Intel’s line of computer processors. It performs tasks during boot-up, while the machine is running, and while the computer is sleeping. An attacker that exploits a vulnerability and gains control over the Intel ME has untethered control over the entire computer.
Intel has released a security advisory on Monday acknowledging that the Management Engine (ME), remote server management tool Server Platform Services (SPS), and hardware authentication tool Trusted Execution Engine (TXE) are vulnerable to multiple critical security vulnerabilities that put millions of users at risk.
According to Intel:
Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel® ME feature, and 3rd party secrets protected by the Intel® Management Engine (ME), Intel® Server Platform Service (SPS), or Intel® Trusted Execution Engine (TXE).
The following Intel firmware versions are affected:
ME firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
SPS Firmware version 4.0
TXE version 3.0
The chipmaker has published a tool for users that checks and reports if users’ machines are vulnerable.