Labels

Managing Security Risk in the Face of Intel ME Vulnerabilities

In May 2017, Intel publicly released a critical vulnerability advisory concerning its Active Management Technology (AMT). The initial report detailed privilege escalation risk under CVE-2017-5689, which was patched by Intel.

Later in the year, researchers from Russia-based Positive Technologies discovered additional vulnerabilities in the firmware. The duo submitted the information to Black Hat Europe and announced that they plan to share it publicly in a 50-minute briefing on Dec. 6, 2017.

On Nov. 20, 2017, Intel released information on eight additional bugs found with relation to its ME technology, and confirmed that those can affect millions of endpoints and servers worldwide.

The vulnerabilities reported to date affect Intel Management Engine (Intel ME 11.0.0-11.7.0), Intel® Trusted Execution Engine (Intel TXE 3.0) and Intel Server Platform Services (Intel SPS 4.0). To help users determine if their assets are vulnerable or not, Intel released Intel-SA-00086 Detection tool. Via the advisory, users are directed to system manufacturers for patch updates and support.

Per its own security review, Intel notes that the vulnerabilities it found could affect PCs, servers and IoT platforms.

ME -> MINIX -> AMT, Where Did This Actually Start?

Continue reading this post here.


Labels:

Comments

  1. Ana CyberJuly 24, 2021 at 5:43 PM

    Extremely useful information which you have shared here about information security. This is a great way to enhance knowledge for us, and also beneficial for us. Thank you for sharing a post like this. Data Security Consultant

    ReplyDelete
  2. apcamericaOctober 8, 2021 at 11:16 AM

    Excellent information, this knowledge is excellent and very important for everyone. I am heartily thankful to you for providing this kind of information. Thanks once again for sharing it. pls visit our website video surveillance systems

    ReplyDelete
  3. titaniumcyberforceMarch 11, 2022 at 8:30 PM

    I admire this article for the well-researched content and excellent wording. Read more info about Web Security Consulting For Business. I got so involved in this material that I couldn’t stop reading. I am impressed with your work and skill. Thank you so much.

    ReplyDelete

Post a Comment