Security Alert (A17-11-05): Multiple Vulnerabilities in Intel Products


 

Published on: 22 November 2017

  
  

Description:

Intel has issued a security advisory to address multiple vulnerabilities in the Intel manageability products, including Intel® Management Engine (ME), Intel® Server Platform Services (SPS) and Intel® Trusted Execution Engine (TXE). Attackers could exploit the vulnerabilities to run arbitrary code on affected systems.

 

Affected Systems:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series

 

Impact:

Successful exploitation of the vulnerabilities could lead to arbitrary code execution, privilege escalation, information disclosure, or system crash on an affected system.

 

Recommendation:

Intel offers the INTEL-SA-00086 Discovery Tool to detect the presence of the vulnerabilities on a system. The Discovery Tool is available at the following URL:

https://downloadcenter.intel.com/download/27150

If the system is confirmed affected, users are advised to check with the system OEM for the updated firmware and update the firmware to a non-vulnerable version.

 

More Information:

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
https://www.hkcert.org/my_url/en/alert/17112201
https://www.us-cert.gov/ncas/current-activity/2017/11/21/Intel-Firmware-Vulnerability
https://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5705 (to 2017-5712)

 



Tag: Intel , Intel ME , Intel SPS , Intel TXE , Intel Core , Intel Xeon , Intel Atom , Apollo Lake , Celeron
Tags