Security researchers have raised concerns about Intel’s remote administration feature called Management Engine. This feature is very useful for IT managers, but it also requires deep system access that is also very attractive to attackers and hackers. Thus, if the Management Engine is compromised, it could lead to full computer system being taken over.
Several research groups have uncovered Management Engine bugs, and now Intel has confirmed that the flaws exist, leaving many companies scrambling. On Monday, Intel released a security advisory that lists all of the new vulnerabilities in the ME feature, as well as other bugs in the remote server management tool called Server Platform Service, and Intel’s hardware authentication tool called Trusted Execution Engine. Many have called the ME to be an unnecessary security hazard.
Intel was able to find the vulnerabilities after they conducted their own security audit following all the recent reports on the vulnerabilities. The company has also published a Detection Tool so Windows and Linux so system administrators can check to see if their system is exposed by the vulnerabilities.
Much like al the previous ME bugs, nearly every recently released Intel chip is impacted by this problem. It’s affecting PCs, Steve’s, and IoT devices. To fix the problem, Intel is able to provide updates to manufacturers, but customers have to wait for hardware companies to push the update out that fixes the vulnerabilities. Intel is keeping a running list of available for war updates, but so far only Lenovo and Intel are the only ones on there.
In a statement to The Jolt Journal, Intel said that “These updates are now available.” Furthermore, “Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible.” Basically, this means that it may be a little while before fixes make it to your device. In the mean time, it’s worth mentioning that the new vulnerabilities can cause instability or system crashes, so be on the lookout for that.
It will take time for Intel to get everything covered and to know the full scope of the ME bugs and their impact, but researchers have also warned of ME dangers for years. Intel on their part have not listened much. Now the company is scrambling to get fixes out by working with manufacturers. Intel’s comfort right now isn’t very comforting, the say the least. This entire problem could have been avoided if the ME was better worked on and if they also listened to security researchers.