Users with affected computers will need a firmware fix from the machine’s vendor
Intel has patched a remote execution flaw in millions of its workstation and server chips that remained under the radar for nine years.
“There is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs,” explained Intel’s security advisory.
The vulnerability, which has been present since 2008, could allow hackers to gain system privileges in vulnerable computer hardware rather than need to go through the operating system, thus avoiding detection.
As Intel’s AMT allows access to a machine’s network hardware, an attacker could exploit the security hole and spread attacks to other systems on a network.
Hardware hack risk
Essentially, the bug, discovered and reported in by Maksim Malyutin at Embedi in March and labled CVE-2017-5689, sits at the core of a computer’s silicon brain. This means that any malware exploits and hack attacks would be virtually impossible to detect as they site beyond the sight of anti-virus software and a machine’s operating system.
To squash the bug, a firmware update is needed to close the backdoor that looks to be present in millions of Intel chips and therefore millions of computers across the world.
Intel has a patch to fix the vulnerability, but people and businesses with affected machines will likely need to rely on the vendor of their computers and servers to push out the firmware update.
However, the chip maker has advised quick fixes in the from of rather complicated tweaks and disabling or removing the Local Manageability Service on affected systems.
In short, the vulnerability is a serious one and will require computer vendors to work on getting Intel’s firmware fix to customers using affected machines, though users of machines with consumer grade Intel chips appear to be unaffected by the flaw.
In a minor twist if irony, the flaw comes at a time when Intel is spinning out is security division into the reinvigorated McAfee brand.