Intel released patches on Monday to protect millions of PCs and servers from vulnerabilities found in its Management Engine, Trusted Execution Engine and Server Platform Services that could allow local attackers elevate privileges, run arbitrary code, crash systems and eavesdrop on communications. In a security bulletin (INTEL-SA-00086) posted on Monday 20th November 2017, Intel said the patches were in response to external researchers who brought several vulnerabilities to its’ attention earlier this year. That external vulnerability notification triggered an internal review of Intel’s own Management Engine, Trusted Execution Engine and Server Platform Services.
Affected are the millions devices using Intel processors such as 6th, 7th and 8th Generation Intel Core processors and the chipmaker’s Xeon, Atom, Apollo Lake and Celeron processors.
Based on the items identified through the comprehensive security review, an attacker could gain unauthorized access to platform, Intel ME feature, and third party secrets protected by the Intel Management Engine (ME), Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE).
It is vital that organisations take these vulnerabilities seriously and apply patches as soon as possible.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street