Intel ME bug storm: Is your machine among 100s just named by Acer, Dell, HP, Lenovo?

Hardware vendors race to identify and provide updates for dangerous Intel flaws.

 

 

ideapad-720s-main.jpg 

Lenovo aims to update firmware this week for 138 models, including the new IdeaPad 720S, affected by the Intel flaws. Image: Lenovo

 

 

 

 

 

Big-brand PC and server manufacturers have listed models affected by flaws in hidden firmware on the microprocessor inside several Intel CPUs.

US-CERT has told all users and admins to review Intel's disclosure on Monday regarding several CPU families that were affected by eight security flaws related to its Management Engine, Server Platform Services, and Trusted Execution Engine. The flaws affect millions of PCs, laptops, servers, and IoT platforms.

Intel audited ME and other firmware after third-party researchers identified flaws in it earlier this year, which will be the subject of a talk at Black Hat in December. The researchers were exploring techniques to disable ME, which isn't normally feasible.

ME supports Intel's Active Management Technology (AMT), a powerful tool that allows admins to remotely manage devices used in business and education, even when the device is not booted. Several of the newly disclosed flaws affect AMT in the ME firmware.

The flaws are potentially very dangerous if an attacker successfully exploited them because they would allow the attacker to run malware that's invisible to the operating system.

Security firm Rapid7 notes that remote attackers could access some AMT components if remote management ports are left open, which may allow them to combine older flaws with the new flaws.

It advises checking Intel's AMT Manageability Ports reference page and scanning the corporate network for open Intel ME/AMT remote management ports and segmenting any open ones with an internal VPN using multi-factor authentication.

Shortly after the May 1 disclosure of an Intel AMT/ME flaw, Rapid7's Heisenberg Cloud detected a significant spike in scans for the ports used within the context of AMT remote management. It has not seen a similar spike following this week's disclosure.

Intel has released a detection tool to help Linux and Windows users identify if their machine is vulnerable. The company also has a page that provides links to support pages from each vendor as they confirm vulnerable machines.

So far there are advisories from Acer, Dell, Fujitsu, HPE Servers, Lenovo, and Panasonic, but there should be many more to come.

Lenovo will or is aiming to provide firmware updates for 138 models affected by the Intel flaws this Friday. However, it doesn't have a date for many of the affected machines.

Due to the nature of the flaws, Dell also is recommending owners of affected computers and servers ensure the hardware is "physically secured where possible" and that only authorized personnel have hands-on access.

Dell's client hardware advisory lists numerous Alienware, Inspiron, Latitude and Precision models affected. It plans to roll out updates through December and January, but lists many models as affected with updates to be determined. Dell has already released updates for 15 PowerEdge servers.

Acer has published a long list of affected models, including devices in its Aspire and TravelMate Spin range. It has yet to determine dates that firmware updates will be released.

Fujitsu is currently preparing support pages for products sold in different regions.

HPE has also provided updates for several affected ProLiant systems.

 

Comments are closed.

%d bloggers like this: