Intel discloses security vulnerabilities in firmware for several Intel CPUs

What you’ll need to do for Intel CPUs with the vulnerable Intel Management Engine – Update the motherboard firmware

Intel has announced a security vulnerability present in several of its CPUs, specifically:

  • 6th, 7th & 8th Generation Intel® Core™ Processor Family
  • Intel® Xeon® Processor E3-1200 v5 & v6 Product Family
  • Intel® Xeon® Processor Scalable Family
  • Intel® Xeon® Processor W Family
  • Intel® Atom® C3000 Processor Family
  • Apollo Lake Intel® Atom Processor E3900 series
  • Apollo Lake Intel® Pentium™
  • Celeron™ N and J series Processors

The vulnerability stems from flaws in the management firmware present in these CPUs and allows an attacker to (among other things) “load and execute arbitrary code outside the visibility of the user and operating system.” Which is not good.

You can read the technical details on Intel’s Security Advisory titled SA-00086 at https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr

Intel has published an Intel SA-00086 software tool for Windows and Linux users at https://downloadcenter.intel.com/download/27150, which you can download and run on your computer to detect whether it is vulnerable.

Here’s a screenshot of the tool on a machine that is vulnerable

If you’re vulnerable, you will need to update your computer by doing a BIOS update. Intel has posted a support page at http://www.intel.com/sa-00086-support which lists the support pages of various PC makers (like Dell, Acer, etc.). Most mainstream PC makers have already posted such support pages.

If you have a custom-built machine, you’ll need to go to your motherboard manufacturer’s website to see if they have a BIOS update.