The US government has warned businesses to act on an alert by Intel Corp about security flaws in popular computer chipsets.
A new Intel security alert has revealed that management firmware on a number of PC, server and IoT processor platforms released in recent years are vulnerable to a remote attack. The most severe vulnerability allows remote attackers to launch commands on a number of Intel-based computers, including desktops and laptops shipped with Intel Core processors since 2015.
The Department of Homeland Security (DHS) issued a guidance a day after Intel revealed it had identified security vulnerabilities in the “Management Engine”, a remote management software that shipped with eight different types of processers used in business PCs sold by a number of major hardware manufacturers like Dell, Lenovo, Hewlett Packard and other manufacturers.
“Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system,” an alert read.
Hackers can gain access to privileged system information, leaving millions of computers vulnerable to a takeover due to the bug. While most of the vulnerabilities require physical access, one allows for remote attacks with administrative access.
An alert by the DHS’ United States Computer Emergency Readiness Team had advised users to review the warning from Intel with an advisory that includes a software tool that checks whether a computer has a vulnerable chip. Further, the advisory has already urged those affected to seek out updates to mitigate the threat from computer makers.
A spokeswoman for Intel said the company provided software patches to fix the issue to all major computer manufacturers. Since then, HP, Dell and other major vendors have already completed patches for their firmware and in the process of rolling them out for distribution.
Image credit: Pixabay.