Intel Management Engine flaws could put millions of PCs at risk

null

Intel has confirmed that much of its top-end hardware products contain a potentially major security vulnerability that could leave users at risk of being spied on.

The flaw affects Intel Management Engine, a remote administration service that allows managers or admins to take over access of a device to fix issues or problems, but when compromised, could allow hackers or criminals access to a computer that would give them the ability to spy on a user's activity.

Management Engine lives on a separate micro-processor within a device's CPU, which means that the problem affects nearly all Intel hardware powering PCs and servers on sale today. This includes the company's 6th, 7th, and 8th generation Core processors, as well as Xeon, Xeon Scalable, Atom and Apollo Lake products, meaning millions of business and consumer users could be at risk across the world.

Intel has now released a security advisory note confirming that it has, "identified security vulnerabilities that could potentially place impacted platforms at risk." 

The flaws would potentially let hackers gain authorised access to Intel Management Engine, also allowing access to Intel's Server Platform Service and Trusted Execution Engine services too.

The company has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they're exposed, and is working with harwdare partners to release fimrware updates to fix the issue, although so far it seems only Lenovo has one on offer.

"Businesses, systems administrators, and system owners using computers or devices that incorporate these Intel products should check with their equipment manufacturers or vendors for updates for their systems, and apply any applicable updates as soon as possible," the company told Wired in a statement.