Intel was named the largest semiconductor chip maker in the world. Its products are empowering most of personal computers at a worldwide level. Computer systems manufacturers like Dell, Apple, and HP are also part of Intel’s large client portfolio. Nonetheless, the company discovered that features in charge of the remote management of its processors were harboring a security compromise for almost a decade.
The Security Compromise Affected Business Clients Mostly
On Monday, Intel released an online advisory that reported in its turn a major issue. The company discovered a critical security breach. In case cyber attackers were aware of this weak point, they would have had the possibility to gain full control over certain computers that develop their activities on exposed networks. As a consequence, the company released a patch that solves the issue with Intel Standard Manageability, Active Management Technology, and Intel Small Business Technology. All these three features are integrated into Intel processors.
Usually, there are mostly business clients who made use of those three services. Thanks to them, users were able to operate and administer computers remotely. Moreover, the bug developed a security compromise for vPro processors and avoided consumer PCs.
The newly discovered vulnerability received a critical status from Intel developers. As a consequence, the company urges customers to install the firmware patch as soon as possible. However, the security compromise in question did not impair all product lines. The bug is present in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for Small Business Technology, Standard Manageability, and Active Management Technology services. As such, all other versions outside this array are safe from this vulnerability.
Companies with LMS and AMT Enabled Were the Most Exposed to the Vulnerability
The company allocated support for a full assessment of the damages this bug might have created in the real world. The findings of the report claimed that several versions operated with a security hole that could have been exploited for years. However, cyber bullies couldn’t have taken advantage of this vulnerability without enabling and provisioning an Intel AMT service inside a network. Other researchers claimed that unprivileged attackers could gain access only if Local Manageability Service were active.
Thus, the company advises firms with LMS and AMT enabled to install the latest patch immediately. The parties in question can also employ a workaround solution if they are not able to install updates for the time being.
Image source: 1