Intel Firmware Vuln
Nov 21, 2017 - "Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware."
Intel Security Advisory INTEL-SA-00086
1.0 - 20-November-2017 - Initial Release
1.1 - 21-November-2017 - Updated Recommended and minimum versions
1.2 - 22-November-2017 - Updated links to online support page
1.3 - 29-November-2017 - Updated title for Intel® Manageability Engine Firmware 8.x/9.x/10.x
1.4 - 01-December-2017 - Added clarification for physical access requirement
1.5 - 19-December-2017 - Updated references for Intel® Manageability Engine Firmware 6.x/7.x
1.6 - 22-December-2017 - Further clarified references to Intel® Manageability Engine Firmware 6.x/7.x
Last Reviewed: 11-Dec-2017
Last Reviewed: 26-Dec-2017
CVE Reference: CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712
Updated: Dec 5 2017
Nov 21 2017
Version(s): 11.0, 11.5, 11.6, 11.7, 11.10, 11.20 ...
The following processor series are affected:
6th, 7th, and 8th Generation Intel Core
Intel Xeon Processor E3-1200 v5 and v6
Intel Xeon Processor Scalable
Intel Xeon Processor W
Intel Atom C3000 Processor
Apollo Lake Intel Atom Processor E3900 series
Apollo Lake Intel Pentium
Celeron N and J series Processors
[Editor's note: The Intel Trusted Execution Engine (TXE) and Intel Server Platform Services (SPS) products are affected by separate vulnerabilities.] ...
Impact: A remote authenticated user can obtain elevated privileges on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix...
Edited by AplusWebMaster, 28 December 2017 - 02:38 PM.