November 23, 2017 by

US Govt Issues Warning About Vulnerability in Intel Chipsets

The US government has warned businesses to act on an alert by Intel Corp about security flaws in popular computer chipsets.

A new Intel security alert has revealed that management firmware on a number of PC, server and IoT processor platforms released in recent years are vulnerable to a remote attack. The most severe vulnerability allows remote attackers to launch commands on a number of Intel-based computers, including desktops and laptops shipped with Intel Core processors since 2015.

The Department of Homeland Security (DHS) issued a guidance a day after Intel revealed it had identified security vulnerabilities in the “Management Engine”, a remote management software that shipped with eight different types of processers used in business PCs sold by a number of major hardware manufacturers like Dell, Lenovo, Hewlett Packard and other manufacturers.

“Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system,” an alert read.

Hackers can gain access to privileged system information, leaving millions of computers vulnerable to a takeover due to the bug. While most of the vulnerabilities require physical access, one allows for remote attacks with administrative access.

An alert by the DHS’ United States Computer Emergency Readiness Team had advised users to review the warning from Intel with an advisory that includes a software tool that checks whether a computer has a vulnerable chip. Further, the advisory has already urged those affected to seek out updates to mitigate the threat from computer makers.

A spokeswoman for Intel said the company provided software patches to fix the issue to all major computer manufacturers. Since then, HP, Dell and other major vendors have already completed patches for their firmware and in the process of rolling them out for distribution.

Image credit: Pixabay.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

15-Year-Old Hacks Ledger Hardware Cryptocurrency Wallet

A teenage hacker has discovered a flaw in Ledger, a popular hardware wallet that could essentially...

Read more arrow_forward

Expedia’s Orbitz: 880,000 Payment Cards Struck by Data Breach

Orbitz, a subsidiary of online travel giant Expedia has revealed a data breach wherein hackers may...

Read more arrow_forward

Data Theft and Departing Employees – Why it Matters (Part 2)

In this article, LIFARS outlines the best practices toward protecting your organization from data...

Read more arrow_forward