Intel patches new vulnerabilities in its Management Engine
The last year has not been Intel's best from a PC security perspective. Positive Technologies recently announced that PCs built with Intel processors going back to 2015's Skylake chips could be exploited through the computers' USB ports thanks to vulnerabilities in the CPUs' Minix-based Management Engine (ME) subsystem. The blue silicon giant has now acknowledged the problems and announced the availability of patches for motherboard and system makers to integrate into future BIOS updates.
Intel's statement indicates that "an attacker could gain unauthorized access to platform, [the] Intel ME feature, and third-party secrets protected by the Intel Management Engine, Intel Server Platform Service (SPS), or Intel Trusted Execution Engine (TXE)." That access could ...