Intel's latest Core processors have serious security flaws

[Spartan]

Intel has confirmed previous reports that its recent PC, internet of things and server chips are vulnerable to remote hacking. The problem is with the onboard "Management Engine," which has multiple holes that could let remote attackers run malicious software, get privileged access and take over computers. The vulnerability affects sixth, seventh and eighth generation Core chips (Skylake, Kaby Lake and Kaby Lake R), along with Pentium, Celeron, Atom and multiple Xeon chipsIn the worst case scenario, the vulnerabilities can allow hackers to "load and execute arbitrary code outside the visibility of the user and operating system," Intel wrote in the security bulletin. Other flaws affect the Management Engine and Intel's Server Platform Services, potentially giving hackers privilege escalation rights.

Intel has published a detection tool for Linux and Windows to help administrators and users detect if their systems are vulnerable. It has also posted a fix for its PC customers, but so far, but only Dell, Lenovo and Intel itself (for its NUC and Compute Sticks) have listed affected systems. No firmware updates appear to be available yet.

 

Matthew Garrett@mjg59

 

Thoughts on the latest Intel ME vulnerabilities: based on public information, we have no real idea how serious this is yet. It could be fairly harmless, it could be a giant deal.

 

 

If you own a recent PC with a Core or Pentium Intel chip, it's safe to assume that you're probably affected -- both Lenovo and Dell's lists are very large. On the plus side, researchers say that so far, there's no way to exploit the flaws unless you already have access to a network. That could change, however: "We have no real idea how serious this is yet," said Google security researcher Matthew Garrett. "It could be fairly harmless, it could be a giant deal."

 

[bhaigan]