Millions of PCs at risk from Intel firmware flaw
The vulnerability was brought to Intel's attention by an unnamed team of external researchers, the company said. It affects systems using eight different firmware versions.
A security review conducted after the vulnerability was brought to light found that attackers could potentially gain access to target machines by exploiting flaws in Intel's Management Engine, Intel Server Platform Service or Intel Trusted Execution Engine.
Affected chipsets include sixth-, seventh- and eighth-generation Intel Core processors as well as various Intel Xeon, Atom, Apollo Lake and Celeron processors.
Some of the exploits could potentially allow attackers to execute arbitrary code, while others could allow access to privilege-protected content, cause a system crash or system instability and compromise local security features.
Some issues also involve Intel's Active Management Technology (AMT), which was the subject of an earlier security alert in May. The exploit, discovered by smart device security company Embedi, could have potentially allowed attackers to gain full control over a targeted computer even if it is turned off.
Intel has issued patches for the newly discovered vulnerabilities, but desktop and laptop manufacturers will now need to create and distribute their own customised patches, which are unlikely to be installed by all but the most security-conscious of users.
Intel has released a downloadable vulnerability detection tool and highly recommends affected users install updated firmware as quickly as possible.
Australia's Notifiable Data Breach legislation came into effect today, leaving Australian...
With the Notifiable Data Breach scheme about to start, two OAIC guides detail the steps to take...
Gartner urges a multistage approach to dealing with the new class of security vulnerability...