Major vulnerability affects vPro processors
Intel has just patched a critical vulnerability in its vPro processors, and worryingly this flaw has existed for no less than seven years.
To be precise, the problem is an escalation of privilege vulnerability in Intel’s Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology firmware – a bug which could be leveraged by an attacker to gain full control over a computer, then install malware or take other nefarious actions.
The average user needn’t worry about this, as it doesn’t affect Intel’s CPUs aimed at consumers, but business users with PCs or servers running vPro processors and utilising Intel’s AMT service have apparently been open to exploit for the best part of a decade.
The company said the problem affected Intel’s manageability firmware from version 6.x through to 11.6, but not versions before or after these.
Core of the matter
Those running any of these versions of Intel’s manageability firmware should ensure that their system is patched pronto, following the instructions Intel gives here.
These details show you how to find out if your PC is affected, and if it is, you’ll need to check with your computer manufacturer for updated firmware – or if the latter isn’t ready yet, use the mitigations Intel advises.
As Ars Technica reports, there has apparently been some debate in the security community about whether leveraging this flaw may require other conditions – such as having Local Manageability Service software running, as well as the aforementioned requirements – but it isn’t really clear whether this is the case or not.
At any rate, this is certainly a potentially very serious vulnerability which should get your full attention until it’s resolved one way or another.