A few days ago, Intel announced a complete review of its ME firmware and created some fixes for that, as well as for the Intel Server Platform Services (SPS) and Intel Trusted Execution Engine (TXE). At the moment there is a tool (available for Windows and Linux) from Intel that detects vulnerabilities on your PC. However for Elevation of Privilege fixes you will have to wait the service of your motherboard maker or laptop OEM.


According to Intel the new vulnerabilities could offer unauthorized access to platform and let any attacker to load and execute arbitrary code. The company has reviewed and updated its Management Engine (versions 11.0 to 11.20), Server Platform Services (SPS) version 4.0, and Trusted Execution Engine version 3.0 in order to improve "firmware resilience." The list of affected products includes:

• Sixth-, seventh-, and eight-generation Intel Core Processor family
• Intel Xeon Processor E3-1200 v5 and v6 product family
• Intel Xeon Processor Scalable family
• Intel Xeon Processor W family
• Intel Atom C3000 Processor family
• Apollo Lake Intel Atom Processor E3900 series
• Apollo Lake Intel Pentium
• Celeron N- and J- series Processors

If you are an end user, you have to wait for motherboard and system makers to integrate Intel's updates into BIOS updates. According to latest informations, Gigabyte is already working on a new BIOS update which will fix Intel ME and TXE security vulnerabilities. The company will start with the Z370 and 200 series, and then work through previous generation. We have run the Intel tool on one of our system based on Intel X99 chipset and it isn't vulnerable. If your system requires a BIOS update, we suggest to keep an eye on it.



Source: Intel