US Government Warns Businesses Over Intel Management Engine Flaw

The US Department of Homeland Security has warned businesses to take action after Intel issued an alert about a flaw with some of its widely used processors.

The law concerns the “Management Engine” (ME), which was until now a little known ‘master controller’ from Intel that shipped with eight types CPUs since 2008.

These processors were typically used in business computers sold by Dell, Lenovo, HP and others, and could potentially mean that millions of computers are now exposed to the flaw.

Patched Flaw

As a result, Intel has issued a critical firmware update for the ME, available here. Intel said it was responding after the flaw was discovered last week by external researchers.

“In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience,” the chip giant noted.

“As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk,” it added. “Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.”

The management engine essentially interfaces with system firmware during the boot up process. It therefore has direct access to system memory, the screen, keyboard, and network.

The ME code is said to be highly secret, but last week new vulnerabilities in the Active Management (AMT) module in some MEs meant that computers using Intel CPUs could be vulnerable to remote and local attackers.

And now the US government has waded into the issue, after the US Department of Homeland Security issued guidance on the matter, Reuters has reported.

It has warned system admins to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged admins to contact their computer makers to obtain software updates and advice on strategies for mitigating the threat.

“US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware,” said the US government in its advisory.

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

System Scares

Earlier this year Intel patched a remote execution flaw in millions of its workstation and server chips that remained under the radar for nine years.

That vulnerability, which has also been present since 2008, could have allowed hackers to gain system privileges in vulnerable computer hardware rather than go through the operating system, thus avoiding detection.

These flaws come at a time when Intel is spinning out is security division into the reinvigorated McAfee brand.

Quiz: What do you know about Intel?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Boeing Starliner Launches Successfully, On Route To International Space Station

Boeing's crewless space taxi, CST-100 Starliner, one step closer to NASA certification, as it enters…

16 hours ago

Apple Accused By Union Of Staff Law Violations At NY Store

Staff at Apple's World Trade Centre store in New York are allegedly being questioned and…

19 hours ago

Canada To Join Five Eyes 5G Ban On Huawei/ZTE

Making it official. Canada is to turn its unofficial ban on 5G kit from Huawei…

19 hours ago

Twitter To Hide Tweets That Share False Information During A Crisis

Potentially risking Elon's wrath over free speech, Twitter says it will hide tweets spreading misinformation…

1 day ago

Boeing Starliner Test Flight Readied For Tonight

Third time the charm? Main rival to SpaceX's Dragon capsule, the embattled Boeing Starliner spacecraft,…

1 day ago

September 13 Slated For iPhone 14 Launch – Report

No surprise there. Apple is slated to launch the iPhone 14 on 13 September according…

2 days ago