Thanks to an investigation by third-party researchers into Intel’s hidden firmware in certain chips, Intel decided to audit its firmware and on Monday confirmed it had found 11 severe bugs that affect millions of computers and servers. The flaws affect Management Engine (ME), Trusted Execution Engine (TXE), and Server Platform Services (SPS).



The bugs affect systems using Intel’s 6th, 7th, and 8th Generation Core CPUs, a range of Xeon processors, as well the Apollo Lab Atom E3900 series, Apollo Lake Pentium, and Celeron N and J series chips. Intel says the flaws would allow an attacker to “Impersonate the ME/SPS/TXE, thereby impacting local security feature attestation validity”. The attacker could also load and execute arbitrary code that would be invisible to the user and operating system.

Discussion

Source: [H]ardOCP – Intel: We’ve Found Severe Bugs in Secretive Management Engine, Affecting Millions