Millions of PCs at risk from Intel firmware flaw

By Dylan Bushell-Embling
Monday, 27 November, 2017

Millions of PCs at risk from Intel firmware flaw

Intel has issued a security alert for elevation of privilege vulnerabilities that impact a wide range of the company's chipsets that could leave potentially millions of desktop computers at risk.

The vulnerability was brought to Intel's attention by an unnamed team of external researchers, the company said. It affects systems using eight different firmware versions.

A security review conducted after the vulnerability was brought to light found that attackers could potentially gain access to target machines by exploiting flaws in Intel's Management Engine, Intel Server Platform Service or Intel Trusted Execution Engine.

Affected chipsets include sixth-, seventh- and eighth-generation Intel Core processors as well as various Intel Xeon, Atom, Apollo Lake and Celeron processors.

Some of the exploits could potentially allow attackers to execute arbitrary code, while others could allow access to privilege-protected content, cause a system crash or system instability and compromise local security features.

Some issues also involve Intel's Active Management Technology (AMT), which was the subject of an earlier security alert in May. The exploit, discovered by smart device security company Embedi, could have potentially allowed attackers to gain full control over a targeted computer even if it is turned off.

Intel has issued patches for the newly discovered vulnerabilities, but desktop and laptop manufacturers will now need to create and distribute their own customised patches, which are unlikely to be installed by all but the most security-conscious of users.

Intel has released a downloadable vulnerability detection tool and highly recommends affected users install updated firmware as quickly as possible.

Follow us and share on Twitter and Facebook

Related Articles

GDPR is an opportunity not a threat

Although many Australian businesses won't be ready for the implementation of the EU's...

Huge IoT botnet may be used for Ukraine attack

Cisco's Talos threat intelligence unit has discovered a major IoT botnet that may be linked...

Australians lost $340m to scammers in 2017

Total losses from scams reported to Australian government agencies grew to $340m in 2017, the...

  • All content Copyright © 2018 Westwick-Farrow Pty Ltd