Yesterday, ZDNet reported another security hole in the Intel Management Engine (ME). It also affects Intel’s Trusted Execution Engine (TXE) and Server Platform Services (SPS). ZDNet writer Liam Tung’s story is entitled “Intel: We’ve found severe bugs in secretive Management Engine, affecting millions.” It links to a note describing a detection tool for Windows and Linux systems. Alas, as this latest Intel ME security flaw unfolds, several of my systems are affected. Helpfully, this screenshot from the tool’s GUI version spells things out:
All of my newer PCs are subject to this vulnerability. Sigh.
Another Intel ME Security Flaw Discovered: What to Do?
In fact, this particular flaw affects systems using Intel ME firmware versions 11.0.0 through 11.7.0, SPS firmware version 4.0, and TXE version 3.0. The processors that fall under this fairly broad umbrella include:
- 6th, 7th, and 8th generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 and v6 Product Family
- Intel Xeon Processor Scalable Family
- Xeon Processor W Family
- Intel Atom® C3000 Processor Family
- Apollo Lake Intel Atom® Processor E3900 series
- Apollo Lake Intel® Pentium® Processors
- Intel® Celeron® N and J series Processors
Source: Intel’s Support Note SA-00086 (preceding item list quoted mostly verbatim)
If you like, you can download a detection tool from Intel to check your systems. Simply navigate into the DiscoveryTool.GUI folder. There, run the executable named Intel-SA-00064-GUI.exe. When run, the tool produces output like that shown in the preceding screen capture.
If you’re affected, you’ll need a BIOS fix from your system or motherboard maker to plug the security hole. According to posts on TenForums.com (where this vulnerability came to my attention), some motherboard vendors have already posted patched BIOSes. Alas, neither of my newish Asrock-based motherboards has a fix available yet. Hopefully, that will be addressed sooner, not later or never… In the meantime, grab and run this tool for yourself to see if you should be on the lookout for patches, too.
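If you manage more than a handful of machines, the firmware ranges listed above can be checked against an inventory in one pass. The following is an added example, not part of Intel's tool or the original post: it assumes you have already collected each host's ME, SPS, or TXE firmware version by whatever means you use, and the CSV layout, host names, and sample versions are constructed for illustration.

```python
import csv
import re

# Affected firmware ranges as listed in this article, compared on major.minor.
# Assumption: any build within an affected major.minor (e.g. 11.7.x) is flagged,
# which errs toward follow-up rather than a missed host.
AFFECTED = {
    "ME": ((11, 0), (11, 7)),
    "SPS": ((4, 0), (4, 0)),
    "TXE": ((3, 0), (3, 0)),
}

# Accepts 2 to 4 dotted numeric fields, e.g. "11.7" or "11.6.27.3264".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+){0,2}\s*$")


def classify(component, version):
    """Return 'affected', 'not-listed' or 'unknown' for one firmware reading."""
    bounds = AFFECTED.get((component or "").strip().upper())
    match = VERSION_RE.match(version or "")
    if bounds is None or match is None:
        return "unknown"  # unrecognised component or unparsable version: check by hand
    major_minor = (int(match.group(1)), int(match.group(2)))
    low, high = bounds
    return "affected" if low <= major_minor <= high else "not-listed"


def triage(inventory_csv):
    """Classify every row of a host,component,version inventory (header required)."""
    rows = csv.DictReader(inventory_csv.strip().splitlines())
    return [(r["host"], r["component"], r["version"],
             classify(r["component"], r["version"])) for r in rows]


# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE = """
host,component,version
ws-01,ME,11.6.27.3264
ws-02,ME,11.8.50.3425
ws-03,ME,9.1.32.1002
srv-01,SPS,4.0.4.288
nuc-01,TXE,3.0.1.1107
ws-04,ME,N/A
"""

if __name__ == "__main__":
    for host, comp, ver, status in triage(SAMPLE):
        print(f"{host:8} {comp:4} {ver:14} {status}")
```

Treat "unknown" rows as unresolved rather than safe, and confirm anything flagged "affected" with Intel's detection tool before chasing a BIOS update.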