Intel recently published a security advisory announcing patches that affect a large number of the company's products. The patched vulnerabilities were identified by researchers outside of Intel, whose findings prompted the company to perform “an in-depth comprehensive security review of its Intel Management Engine (ME), Intel Trusted Execution Engine (TXE), and Intel Server Platform Services (SPS) with the objective of enhancing firmware resilience.” The main risk is privilege escalation, and the vulnerabilities in question received CVSS ratings ranging from the mid 6s to high 8s. The products affected by these Intel patches are as follows:
- 6th, 7th & 8th Generation Intel Core Processor Family
- Intel Xeon Processor E3-1200 v5 & v6 Product Family
- Intel Xeon Processor Scalable Family
- Intel Xeon Processor W Family
- Intel Atom C3000 Processor Family
- Apollo Lake Intel Atom Processor E3900 series
- Apollo Lake Intel Pentium
- Celeron N and J series Processors
There are eight Intel patches in total, covering the following vulnerabilities:
- CVE-2017-5705 allows arbitrary code execution because of numerous kernel-level buffer overflows. The main result is that an attacker who already has local access can escalate privileges.
- CVE-2017-5708 gives numerous privilege escalation possibilities that result in access to sensitive data via an “unspecified vector.”
- CVE-2017-5711 lets a local attacker execute arbitrary code because of multiple buffer overflows in Active Management Technology (AMT).
- CVE-2017-5712 is also caused by a buffer overflow in AMT. The difference is that the attacker must have remote admin access to the targeted system in order to leverage the vulnerability for code execution.
- CVE-2017-5706 allows an attacker with local access to execute arbitrary code because of numerous buffer overflows in Intel Server Platform Services Firmware 4.0.
- CVE-2017-5709 results from privilege escalation vulnerabilities that “allows unauthorized process to access privileged content via unspecified vector.”
- CVE-2017-5707 is caused by kernel-level buffer overflow vulnerabilities in Intel Trusted Execution Engine Firmware 3.0, and it allows local attackers to execute arbitrary code.
- CVE-2017-5710 is also caused by privilege escalation vulnerabilities at the kernel level, which allow access to sensitive content.
As the notes accompanying these Intel patches show, the vulnerabilities have a lot of overlapping elements across numerous products. A Threatpost report pointed out that security researchers have long had suspicions about Active Management Technology (some researchers at Lenovo went as far as calling it a “backdoor enabled by default”). Intel did not take the warnings very seriously at the time, and it appears that this has come back to bite the company.
The best thing that can be done at this point is for organizations using any of the listed Intel products to install the patches as soon as possible. Privilege escalation is one of the major goals for most hackers infiltrating networks, so it is important to cut the attack vector off at the source.