Intel vPro Remote Management Suite Vulnerabilites

Intel has released details of several vulnerabilities related to its vPro remote-management suite, specifically the Management Engine (ME) 11.x, Server Platform Services (SPS) 4.0.x and the Trusted Execution Engine (TXE) 3.0.x.

Exploitation of these may allow a user to escalate their privileges, load and execute code, impersonate remote-administration software or cause system crashes.

Intel has made available firmware patches for device manufacturers using its affected processors, which include some Core, Xeon, Atom, Pentium and Celeron CPUs present in millions of systems.

It will take some time until all users will receive the necessary patches. Intel itself only expects to release BIOS updates for its affected NUC, Compute Stick, and Compute Card mini PCs and development kits in December. More than 30 device models are impacted by the vulnerabilities.

Affected Platforms

• • • 6th, 7th & 8th Generation Intel Core processor family
    • Intel Xeon Processor E3-1200 v5 & v6 product family
    • Intel Xeon processor scalable family
    • Intel Xeon Processor W family
    • Intel Atom C3000 processor family
    • Apollo Lake Intel Atom processor E3900 series
    • Apollo Lake Intel Pentium
    • Intel Celeron N and J series processors

Acer has published a list of roughly 240 affected notebooks and desktop PCs, including Packard Bell, Gateway, Aspire, Veriton, TravelMate, Predator, and Extensa models. The company has yet to determine when firmware updates will become available.

Dell has published an advisory for laptops and desktop PCs, and a separate advisory for PowerEdge servers. Over 180 laptops and desktop PCs are affected by the security holes, including many Alienware, Inspiron, Latitude, OptiPlex, Precision, Vostro, and XPS models.

Dell expects to release firmware updates for some of the impacted products next month or in January 2018, but for most systems the target date has yet to be determined. In the meantime, the company has advised users to “ensure that systems are physically secured where possible, and follow good security practices to ensure that only authorized personnel have hands-on access to devices.”

Fujitsu has also published an advisory, informing users that more than 30 of its mainboards, 43 Esprimo desktop PCs, 11 Celsius workstations, 10 Primergy servers, and 67 LifeBook, Stylistic and Celsius laptops and tablets are affected. The vendor’s investigation is ongoing so new models could be added to the list at any time.

Updates are already available for some of the impacted Fujitsu products, but a release date has yet to be confirmed for many of them.

HPE has advised users to install the available firmware updates for affected ProLiant and Synergy servers. The company also pointed out that attacks requiring physical access to the motherboard can be detected using the optional hood latch. In addition, attacks should be blocked by the vendor’s Silicon Root of Trust feature, which ensures that unauthorized firmware cannot be run on a machine.

Lenovo has already released patches for many of its products and more updates are expected to become available this week.

Panasonic has also published an advisory to inform customers that its rugged laptops and tablets are affected by the vulnerabilities in Intel chips. Some of the impacted devices will receive updates in January 2018.

Detection Tool

A detection tool ( https://downloadcenter.intel.com/download/27150 ) has been released by Intel which is able to analyse a system for vulnerabilities. Administrators are encouraged to download and use this tool. The INTEL-SA-00086 Detection Tool will assist with detection of the security vulnerability described in INTEL-SA-00086.

Ensure systems are using updated firmware and have Intel Capability Licencing Service installed.