Jump to content


Intel Firmware Vuln

  • Please log in to reply
No replies to this topic

#1 AplusWebMaster



  • SWI Friend
  • PipPipPipPipPip
  • 11,104 posts

Posted 21 November 2017 - 12:10 PM


Intel Firmware Vuln
> https://www.us-cert....e-Vulnerability
Nov 21, 2017 - "Intel has released recommendations to address vulnerabilities in the firmware of the following Intel products: Management Engine, Server Platform Services, and Trusted Execution Engine. An attacker could exploit some of these vulnerabilities to take control of an affected system.
US-CERT encourages users and administrators to review the Intel links below and refer to their original equipment manufacturers (OEMs) for mitigation strategies and updated firmware."

Intel Security Advisory INTEL-SA-00086
> https://security-cen...anguageid=en-fr
1.0 - 20-November-2017 - Initial Release
1.1 - 21-November-2017 - Updated Recommended and minimum versions
1.2 - 22-November-2017 - Updated links to online support page
1.3 - 29-November-2017 - Updated title for Intel® Manageability Engine Firmware 8.x/9.x/10.x
1.4 - 01-December-2017 - Added clarification for physical access requirement
1.5 - 19-December-2017 - Updated references for Intel® Manageability Engine Firmware 6.x/7.x
1.6 - 22-December-2017 - Further clarified references to Intel® Manageability Engine Firmware 6.x/7.x

Support Article
> https://www.intel.co...9/software.html
Last Reviewed: 11-Dec-2017

Detection Tool
> https://downloadcent.../download/27150
Last Reviewed: 26-Dec-2017

- https://www.security....com/id/1039852
CVE Reference: CVE-2017-5705, CVE-2017-5708, CVE-2017-5711, CVE-2017-5712
Updated: Dec 5 2017
Nov 21 2017
Version(s): 11.0, 11.5, 11.6, 11.7, 11.10, 11.20 ...
The following processor series are affected:
6th, 7th, and 8th Generation Intel Core
Intel Xeon Processor E3-1200 v5 and v6
Intel Xeon Processor Scalable
Intel Xeon Processor W
Intel Atom C3000 Processor
Apollo Lake Intel Atom Processor E3900 series
Apollo Lake Intel Pentium
Celeron N and J series Processors
[Editor's note: The Intel Trusted Execution Engine (TXE) and Intel Server Platform Services (SPS) products are affected by separate vulnerabilities.] ...
Impact: A remote authenticated user can obtain elevated privileges on the target system.
A local user can obtain elevated privileges on the target system.
Solution: The vendor has issued a fix...


Edited by AplusWebMaster, 28 December 2017 - 02:38 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

Member of UNITE
Support SpywareInfo Forum - click the button