Intel Releases Patch For Nine Year Flaw In Workstation And Server Chips

Intel has patched a remote execution flaw in millions of its workstation and server chips that remained under the radar for nine years.

“There is an escalation of privilege vulnerability in Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology versions firmware versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 that can allow an unprivileged attacker to gain control of the manageability features provided by these products. This vulnerability does not exist on Intel-based consumer PCs,” explained Intel’s security advisory.

The vulnerability, which has been present since 2008, could allow hackers to gain system privileges in vulnerable computer hardware rather than need to go through the operating system, thus avoiding detection.

As Intel’s AMT allows access to a machine’s network hardware, an attacker could exploit the security hole and spread attacks to other systems on a network.

Hardware hack risk

Essentially, the bug, discovered and reported in  by Maksim Malyutin at Embedi in March and labled CVE-2017-5689, sits at the core of a computer’s silicon brain. This means that any malware exploits and hack attacks would be virtually impossible to detect as they site beyond the sight of anti-virus software and a machine’s operating system.

To squash the bug, a firmware update is needed to close the backdoor that looks to be present in millions of Intel chips and therefore millions of computers across the world.

Intel has a patch to fix the vulnerability, but people and businesses with affected machines will likely need to rely on the vendor of their computers and servers to push out the firmware update.

However, the chip maker has advised quick fixes in the from of rather complicated tweaks and disabling or removing the Local Manageability Service on affected systems.

In short, the vulnerability is a serious one and will require computer vendors to work on getting Intel’s firmware fix to customers using affected machines, though users of machines with consumer grade Intel chips appear to be unaffected by the flaw.

In a minor twist if irony, the flaw comes at a time when Intel is spinning out is security division into the reinvigorated McAfee brand.

As life time in chips: what do you know about Intel?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Mark Zuckerberg Overtakes Bezos To Become Second-Richest Man

Billionaire battle. Meta's boss Mark Zuckerberg overtakes Jeff Bezos to become the world’s second richest…

11 hours ago

US, Microsoft Disrupts Russian FSB Hackers

Internet domains used by “Russian intelligence agents and their proxies” for cyberattacks, seized by the…

14 hours ago

Mike Lynch Died From Drowning, Coroner Inquest Rules

UK's tech billionaire Dr Mike Lynch died from drowning on his superyacht, but his daughter's…

16 hours ago

Tesla Recalls 27,000 Cybertrucks Over Rear Camera Issue

Another recall for thousands of Tesla Cybertrucks over delay with rear camera, with could hamper…

1 day ago

Browser Firms Press EU To Reconsider Microsoft Edge As Gatekeeper

Browser firms write to European Commission alleging Microsoft's Edge web browser enjoys an unfair advantage

1 day ago

Microsoft Invests €4.3 Billion In Italy For AI, Cloud

Data centre and AI spending spree continues over at Microsoft, with Italy earmarked for €4.3…

1 day ago