Millions of PCs at risk from Intel firmware flaw

Intel has issued a security alert for elevation of privilege vulnerabilities that impact a wide range of the company's chipsets that could leave potentially millions of desktop computers at risk.

The vulnerability was brought to Intel's attention by an unnamed team of external researchers, the company said. It affects systems using eight different firmware versions.

A security review conducted after the vulnerability was brought to light found that attackers could potentially gain access to target machines by exploiting flaws in Intel's Management Engine, Intel Server Platform Service or Intel Trusted Execution Engine.

Affected chipsets include sixth-, seventh- and eighth-generation Intel Core processors as well as various Intel Xeon, Atom, Apollo Lake and Celeron processors.

Some of the exploits could potentially allow attackers to execute arbitrary code, while others could allow access to privilege-protected content, cause a system crash or system instability and compromise local security features.

Some issues also involve Intel's Active Management Technology (AMT), which was the subject of an earlier security alert in May. The exploit, discovered by smart device security company Embedi, could have potentially allowed attackers to gain full control over a targeted computer even if it is turned off.

Intel has issued patches for the newly discovered vulnerabilities, but desktop and laptop manufacturers will now need to create and distribute their own customised patches, which are unlikely to be installed by all but the most security-conscious of users.

Intel has released a downloadable vulnerability detection tool and highly recommends affected users install updated firmware as quickly as possible.

Follow us and share on Twitter and Facebook