Security vulnerabilities can lead to some rather unpleasant uses by third parties with a nefarious agenda. Though some of these vulnerabilities are usually patched within weeks, others take much longer. Intel has just unveiled a patch for a flaw in its chips that dates back nearly a decade.
In an advisory published May 1, the company calls this an "escalation of privilege vulnerability", giving it a "critical" security rating. Products affected by it are Intel's manageability firmware versions 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, and 11.6, made for the firm's Active Management Technology, Intel Small Business Technology, as well as Intel Standard Manageability solutions. The versions before 6 and after 11.6 are not impacted, the chip maker goes on to say.
Intel has stated that in order for an attacker to gain control of the features provided by AMT, ISM, and Small Business Technology, he or she could take one of these routes:
- An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel® Active Management Technology (AMT) and Intel® Standard Manageability (ISM).
CVSSv3 9.8 Critical /AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM), and Intel® Small Business Technology (SBT).
CVSSv3 8.4 High /AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Although SemiAccurate claims the vulnerability affects all chips from the firm's Nehalem processor architecture, launched in November 2008, all the way to current-generation Kaby Lake processors, Intel has stated that this flaw "does not exist on Intel-based consumer PCs".
In order to determine if you are affected, the chip maker recommends you check out this document, to see if you have an AMT, ISM or SBT-capable system. To discover if you are running an impacted version of the firmware, check this guide.