Forwarded from TechToday News
#Hardware #Vulnerability #Report
Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Multiple vulnerabilities in Intel Manageability Engine Firmware allow local arbitrary code execution & privilege escalation.
⚠️ upgrading your CPU firmware
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.
In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
🔹 6th, 7th & 8th Generation Intel® Core™ Processor Family
🔹 Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
🔹 Intel® Xeon® Processor Scalable Family
🔹 Intel® Xeon® Processor W Family
🔹 Intel® Atom® C3000 Processor Family
🔹 Apollo Lake Intel® Atom Processor E3900 series
🔹 Apollo Lake Intel® Pentium™
🔹 Celeron™ N and J series Processors
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086
Intel Q3’17 ME 11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Multiple vulnerabilities in Intel Manageability Engine Firmware allow local arbitrary code execution & privilege escalation.
⚠️ upgrading your CPU firmware
Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience.
As a result, Intel has identified security vulnerabilities that could potentially place impacted platforms at risk.
Description: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of its Intel® Management Engine (ME), Intel® Trusted Execution Engine (TXE), and Intel® Server Platform Services (SPS) with the objective of enhancing firmware resilience.
As a result, Intel has identified several security vulnerabilities that could potentially place impacted platforms at risk. Systems using ME Firmware versions 11.0/11.5/11.6/11.7/11.10/11.20, SPS Firmware version 4.0, and TXE version 3.0 are impacted.
Affected products: 🔹 6th, 7th & 8th Generation Intel® Core™ Processor Family
🔹 Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
🔹 Intel® Xeon® Processor Scalable Family
🔹 Intel® Xeon® Processor W Family
🔹 Intel® Atom® C3000 Processor Family
🔹 Apollo Lake Intel® Atom Processor E3900 series
🔹 Apollo Lake Intel® Pentium™
🔹 Celeron™ N and J series Processors
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086