Last month, a Wi-Fi vulnerability called the KRACK Attack was brought to the surface that potentially affects billions of devices. Now this month, Intel announced a security alert for their processor platforms that could possibly affect millions of devices.
How bad is it?
Intel’s Management firmware on many recent PC, server, and Internet-of-Things are vulnerable to remote attacks. Much like the Wi-Fi vulnerability last month, an attacker could gain unauthorized access to the platform. Once they gain access successfully, they can access the intel Management Engine, and third-party secrets protected by the Intel Management Engine, Intel Server Platform Service, or Intel Trusted Execution Engine. If the attacker has access to these platform features they could load and execute arbitrary code outside the visibility of the user and operating system, impersonate the Management Engine/Server Platform Service/Trusted Execution Engine, and cause the system to crash or become unstable.
Which processors are affected?
Here is the list of processors that are affected by the vulnerabilities according to Intel.
- 6th, 7th and 8th Generation Intel Core processors
- Intel Xeon E3-1200 v5 and v6 processors
- Intel Xeon Scalable processors
- Intel Xeon W processors
- Intel Atom C3000 processors
- Apollo Lake Intel Atom E3900 series
- Apollo Lake Intel Pentiums
- Celeron N and J series processors
Intel has released recommendations to address vulnerabilities in the firmware, and the United States Computer Emergency Readiness Team (US-CERT) already posted information about the vulnerability as soon as Intel released this information.
The links below refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware.