Millions of PCs at risk from Intel firmware flaw
The vulnerability was brought to Intel's attention by an unnamed team of external researchers, the company said. It affects systems using eight different firmware versions.
A security review conducted after the vulnerability was brought to light found that attackers could potentially gain access to target machines by exploiting flaws in Intel's Management Engine, Intel Server Platform Service or Intel Trusted Execution Engine.
Affected chipsets include sixth-, seventh- and eighth-generation Intel Core processors as well as various Intel Xeon, Atom, Apollo Lake and Celeron processors.
Some of the exploits could potentially allow attackers to execute arbitrary code, while others could allow access to privilege-protected content, cause a system crash or system instability and compromise local security features.
Some issues also involve Intel's Active Management Technology (AMT), which was the subject of an earlier security alert in May. The exploit, discovered by smart device security company Embedi, could have potentially allowed attackers to gain full control over a targeted computer even if it is turned off.
Intel has issued patches for the newly discovered vulnerabilities, but desktop and laptop manufacturers will now need to create and distribute their own customised patches, which are unlikely to be installed by all but the most security-conscious of users.
Intel has released a downloadable vulnerability detection tool and highly recommends affected users install updated firmware as quickly as possible.
Apple has patched a major security vulnerability that allowed root access to Macs running the...
Intel has discovered vulnerabilities in the firmware of a range of processors that could...
Malwarebytes has forecast a rise in cryptojacking, PowerShell-based attacks and the use of worms...