Connect with us

Hi, what are you looking for?

Tech & Science

Intel releases fix for critical CPU flaw found after a decade

Intel detailed the impact of the vulnerability in a public disclosure made yesterday. The company described how the “escalation of privilege” attack lets hackers target thousands of machines fitted with Intel Active Management Technology, Standard Manageability or Small Business Technology systems.
As discovered by SemiAccurate over five years ago, Intel firmware versions ranging from 6.x up to 11.6 are known to be affected. Security researchers have suggested the threat posed by the issue is significant but likely to be mitigated by protections around the affected software services. To remotely hijack a PC over the Internet, an attacker would also have to bypass some Windows services.
An analysis of the number of affected machines currently in use worldwide uncovered around 7,000 PCs. Ars Technica reports HD Moore, vice president of research and development at Atredis Partners, ran a port scan across the Internet to find computers with ports 16992 and 16993 left open. Intel’s Active Management Technology uses these ports to communicate over networks. The vulnerability can only be exploited if they are open.
While this limits the scope for remote network-based attacks, physical access remains an option. An employee or user within a company could escalate their regular low-level privileges to system level, giving them control of the device. It’s a less common attack vector but one that represents a rising concern for larger companies.
Although the number of vulnerable PCs is relatively low, hundreds of thousands of machines will have been shipped worldwide with the affected chips. Intel’s vPro products are popular with businesses and are frequently found in workstation machines. The software in which the flaw was found is used by corporate IT departments to remotely manage hundreds of computers at once.
In its disclosure, Intel ranked the problem as “critical” and advised customers to immediately install updated firmware that resolves the issue. The company has backported its patch to all the affected firmware versions to ensure every impacted processor model is covered.
Although an update is now available, Intel’s leaving it up to individual hardware manufacturers to distribute the fix. Because of this, it’s unlikely that all the affected devices will receive the patch, leaving some vulnerable for the rest of their life.
Intel has published a list of mitigations to use if no update is available. They mostly focus on disabling its Active Management Software though, something that won’t be feasible in many business use cases. As is so often the case with cybersecurity alerts, some device owners will be forced to stay at risk long past the development of a fix. Even where updates are available it’s likely organisations will postpone their release until a more convenient time.

Written By

You may also like:

Tech & Science

This platform uses a computer-assisted diagnostic system called  Paige Prostate Suite in the clinical workflow.

Tech & Science

The information about the percentage of email users was retrieved from the reports by Statista and the reports about the number of emails sent...


Every day in a simple temple in an Indian village, Hindu priest Subhramanya Sharma prays to his god for JD Vance to become vice-president...


On an improvised pitch in war-ravaged Gaza, a young player and goalkeeper block out the boisterous crowd and focus solely on the football as...