Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Critical Bug in Intel’s Management Engine – Patch Released

November 22, 2017

When the "heart" of your computer has a bug, it's a real problem. Intel makes a lot of the chips that comprise the main engine of many computers. Apparently, there are vulnerabilities severe enough to allow attackers to install rootkits on vulnerable PCs, retrieve data processed inside CPUs, and cause PC crashes. Ouch! What systems are impacted? Intel says the following ME, SPS, and TXE firmware versions are affected:

  • ME firmware versions 11.0/11.5/11.6/11.7/11.10/11.20
  • SPS Firmware version 4.0
  • TXE version 3.0

In addition, the following products incorporate vulnerable firmware versions:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

Not to worry. There is a much easier way to determine if your computer is impacted. Intel has released a tool for Windows and Linux users to analyze the computer system for vulnerable firmware. Download the file and unzip it. Windows users should navigate the unzipped folder structure and execute IntelSA00086GUI.exe. If you have a vulnerable system, check with your system manufacturer for a firmware update. Lenovo has already released patches.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com