Intel announced on Monday that an external research team's security review has found a potentially catastrophic vulnerability that is spread across millions of machines. Lenovo USA warned that an attacker could use the exploit to load and execute arbitrary code outside the visibility of the user.
‘Arbitrary Remote Code Execution’
According to Ars Technica, the exploit will allow “…arbitrary remote code execution and privileged information access”. In layman’s terms, this means that an attacker could possibly use this flaw in order to gain control over a target machine, execute nefarious instructions, install viruses and rootkits, and interfere with normal operations by freezing or shutting down the system.
The Intel announcement lists the following products as being affected by the issue:
- 6th, 7th & 8th Generation Intel® Core™ Processor Family
- Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
- Intel® Xeon® Processor Scalable Family
- Intel® Xeon® Processor W Family
- Intel® Atom® C3000 Processor Family
- Apollo Lake Intel® Atom Processor E3900 series
- Apollo Lake Intel® Pentium™
- Celeron™ N and J series Processors
Is Your Intel Machine Affected?
In the same announcement, Intel released a tool that can help detect whether vulnerabilities exist in users’ machines. Once downloaded and unzipped, the easiest way to use the tool is to navigate to the DiscoveryTool.GUI folder, and run the file Intel-SA-00086-GUI.exe. Within a few seconds, the program will advise if a system is at risk.
If your system is vulnerable, Intel suggests that you follow their instructions on how to update your firmware as soon as possible.
PC Manufacturers Panic
Major PC makers like Dell, HP, and Lenovo have gone into overdrive in their attempts to reproduce the fix for distribution to affected systems in their various product lines.
Dell issued a statement detailing their awareness of the issue, and included a list of all machines affected by the bug. This ranges from their XPS tower systems to their Latitude notebooks, and even some of their Alienware gaming machines.
The issue in question is related to Intel’s Management Engine, or ME. The ME has come under fire in recent months over fears that it represents a massive security flaw that could lead to hacks such as the exploit currently in question.
According to a tech piece that appeared in The Register earlier this month, gaining access to and taking control of the ME means that an attacker could “… take full control of a box, underneath and out of sight of whatever OS, hypervisor or antivirus is installed.”
A large part of the criticism against ME has come from Positive Technologies, which is a security research firm. While the Intel announcement didn’t explicitly say Positive Technologies was the “external research team” in question, the company has been making statements about proving their findings since as early as September of 2017.
The flaw has sometimes been referred to as a ‘God-mode’ hack, implying that the powers this exploit could give to an attacker are seemingly limitless in scope.
Researchers Mark Ermolov and Maxim Goryachy of Positive Technologies released an announcement for an upcoming presentation at Black Hat Europe 2017 entitled “How to Hack a Turned-Off Computer, or Running Unsigned Code in Intel Management Engine”.
‘Intel ME Has Access to Almost All Data on the Computer’
From the announcement, Ermolov and Goryachy wrote: “The [platform controller hub] carries almost all communication between the processor and external devices; therefore Intel ME has access to almost all data on the computer, and the ability to execute third-party code allows compromising the platform completely.”
While it’s good to see that Intel has responded to the vulnerability, it is a little disconcerting that word of this issue has been floating around for at least two months, if not longer, before a fix was issued.