US Government Warns Businesses Over Intel Management Engine Flaw

The US Department of Homeland Security has warned businesses to take action after Intel issued an alert about a flaw with some of its widely used processors.

The law concerns the “Management Engine” (ME), which was until now a little known ‘master controller’ from Intel that shipped with eight types CPUs since 2008.

These processors were typically used in business computers sold by Dell, Lenovo, HP and others, and could potentially mean that millions of computers are now exposed to the flaw.

Patched Flaw

As a result, Intel has issued a critical firmware update for the ME, available here. Intel said it was responding after the flaw was discovered last week by external researchers.

“In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience,” the chip giant noted.

“As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk,” it added. “Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.”

The management engine essentially interfaces with system firmware during the boot up process. It therefore has direct access to system memory, the screen, keyboard, and network.

The ME code is said to be highly secret, but last week new vulnerabilities in the Active Management (AMT) module in some MEs meant that computers using Intel CPUs could be vulnerable to remote and local attackers.

And now the US government has waded into the issue, after the US Department of Homeland Security issued guidance on the matter, Reuters has reported.

It has warned system admins to review the warning from Intel, which includes a software tool that checks whether a computer has a vulnerable chip. It also urged admins to contact their computer makers to obtain software updates and advice on strategies for mitigating the threat.

“US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware,” said the US government in its advisory.

Does IoT security concern you?

  • Yes (89%)
  • No (11%)

Loading ...

System Scares

Earlier this year Intel patched a remote execution flaw in millions of its workstation and server chips that remained under the radar for nine years.

That vulnerability, which has also been present since 2008, could have allowed hackers to gain system privileges in vulnerable computer hardware rather than go through the operating system, thus avoiding detection.

These flaws come at a time when Intel is spinning out is security division into the reinvigorated McAfee brand.

Quiz: What do you know about Intel?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago